Cannot trust domain

We have 2 domains. One on our subnet and the other on a different domain on
another subnet. I cannot trust this domain; I get "domain cannot be contacted".
I have a WINS server here and there but still no luck. What should I be
looking at? Also I can ping the addresses but not the names. Please help.
Thanks.
 
Sounds like you have some DNS problems. Are these two domains in different
forests? I suspect they might be. If so, try creating a secondary DNS zone
for domain 1 on domain 2's DNS server and also create a secondary DNS zone
for domain 2 on domain 1's DNS server.
 
PBJ said:
We have 2 domains. One on our subnet and the other on a different domain on
another subnet. I cannot trust this domain; I get "domain cannot be contacted".
I have a WINS server here and there but still no luck. What should I be
looking at? Also I can ping the addresses but not the names. Please help.
Thanks.

External trusts are usually a NetBIOS name resolution
problem (not DNS) and you are correct that you need
the WINS servers since you have multiple subnets (i.e.,
broadcasts cannot resolve the NetBIOS names.)

Since you have the WINS servers there are two likely
possibilities:

1) All the DCs in each domain must themselves be
WINS clients (NIC->IP advanced properties)

2) The (multiple) WINS servers are not replicating
 
Ensure that the 1B records exist for both domains in the respective WINS
databases. If not, add these records. If one of the domains does not utilize
a WINS server, add the record to the LMHOSTS file on each of the DCs. That
should correct your problems once these records exist.

Example:

10.134.128.46 domain_controller_netbios_name_here #PRE #DOM:Domain_name_here

10.134.128.46 "Domain_name_here \0x1b" #PRE

Ensure that there are exactly "8" spaces between the last letter of the
NetBIOS name of your domain on the second line or this will not work.

Regards,

John Powell
 
I could have been a little clearer on the last statement about the 8
character spaces and, as it turns out, my memory served me incorrectly. Follow
the instructions from the link below; this will explain the character
limitations on the 1B record creation.

http://support.microsoft.com/kb/180094


Best Regards,


John Powell
 
John Powell said:
I could have been a little clearer on the last statement about the 8
character spaces and, as it turns out, my memory served me incorrectly. Follow
the instructions from the link below; this will explain the character
limitations on the 1B record creation.


The key is that ALL (every single one) NetBIOS
names ever used are 16 characters exactly.**

The x1b or whatever represents 1 character, the
hex code for the service being registered.

So take the name, pad with enough spaces so that
the hex code on the end will make 16 exactly.

**Yes, technically "computer names" (and users
or domain/workgroup names) are not NetBIOS
names but rather are used by the system to FORM
the NetBIOS name which it registers on the
Network.

Ok, it's a NetBIOS programmer's thing <grin>
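
The padding rule described above, as an added example that is not part of the original thread: it builds the two LMHOSTS entries with the domain name padded so that name plus suffix byte is 16, and checks an existing quoted entry the same way. The function names and the sample IP, DC and domain values are constructed for illustration.

```python
import re

NETBIOS_LEN = 16   # every NetBIOS name on the wire is exactly 16 bytes
DOMAIN_1B = 0x1B   # suffix byte of the <1B> record discussed in this thread

_ESCAPE = re.compile(r"\\0x([0-9A-Fa-f]{2})")
_QUOTED = re.compile(r'^\s*\S+\s+"([^"]*)"')


def netbios_field(name, suffix):
    """Quoted LMHOSTS form: name padded with spaces to 15, then \\0xNN."""
    if not 1 <= len(name) <= NETBIOS_LEN - 1:
        raise ValueError("name must be 1-15 characters: %r" % name)
    return '"%s\\0x%02x"' % (name.ljust(NETBIOS_LEN - 1), suffix)


def lmhosts_lines(ip, dc_name, domain):
    """The two entries from the example above, with computed padding."""
    return [
        "%s %s #PRE #DOM:%s" % (ip, dc_name, domain),
        "%s %s #PRE" % (ip, netbios_field(domain, DOMAIN_1B)),
    ]


def check_line(line):
    """Return (ok, detail) for an LMHOSTS line carrying a quoted name."""
    m = _QUOTED.match(line)
    if not m:
        return False, "no quoted NetBIOS name"
    # Each \0xNN escape is five typed characters but one byte of the name.
    decoded = _ESCAPE.sub(lambda h: chr(int(h.group(1), 16)), m.group(1))
    if len(decoded) != NETBIOS_LEN:
        return False, "name is %d bytes, need %d" % (len(decoded), NETBIOS_LEN)
    return True, "suffix 0x%02x" % ord(decoded[-1])


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for entry in lmhosts_lines("192.0.2.10", "DC01", "CORP"):
        print(entry, check_line(entry))
    # A fixed eight spaces is wrong for a four-letter name: 4 + 8 + 1 = 13.
    print(check_line('192.0.2.10 "CORP' + " " * 8 + '\\0x1b" #PRE'))
```

Because the escape is typed as five characters, a correct quoted string is always 20 characters long between the quotes (15 for the padded name plus `\0x1b`).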
 
Thanks guys, I fixed all the LMHosts files. Now I am able to ping this (DC of
the other subnet) by the NetBIOS name and get to it through the UNC path. But
I still do not see the domain in Network connections.

How can I check if the WINS servers are replicating or not? I looked at the
statistics on our side and it says it found 15 records, some conflicts etc.
Thanks!
 
PBJ said:
Thanks guys, I fixed all the LMHosts files. Now I am able to ping this (DC of
the other subnet) by the NetBIOS name and get to it through the UNC path. But
I still do not see the domain in Network connections.

There is no reason to use LMHosts files if you also
have WINS Server(s).

Make every machine a WINS client of the same WINS
database and you will not need the LMHosts files --
this is like Hosts file vs. DNS servers (same relationship.)

Same WINS database == same WINS server OR a replicating set
of WINS servers

How can I check if the WINS servers are replicating or not? I looked at the
statistics on our side and it says it found 15 records, some conflicts
etc.

Use the WINS Server MMC to inspect them. And if you
haven't used that then they are NOT replicating by default.
 
Yes, I've been using the MMC. But unless I put the domain name, DC as a
static mapping it doesn't come up automatically. Is it supposed to come up
automatically or do I have to put in the static mappings of the DC on the
other subnet? Right now all I see is our domain and our DC, not theirs. Thanks.
 
PBJ said:
Yes, I've been using the MMC. But unless I put the domain name, DC as a
static mapping it doesn't come up automatically. Is it supposed to come up
automatically or do I have to put in the static mappings of the DC on the
other subnet? Right now all I see is our domain and our DC, not theirs. Thanks.

You probably didn't make the DC a WINS CLIENT.

Servers are NAME RESOLUTION CLIENTS too.

Especially when you want dynamic registration, such
as WINS or Dynamic DNS.
 
Thanks but I did that, I've done that. Now what?
So what you are saying is they should come up automatically when I do the
"find by name *" since they are WINS clients, I shouldn't have to put static
entries into the WINS MMC? Not working, what else?
 
OK I got it. Basically it was not coming through because the "replicate only
with partners" was on. Since it was seeing the firewall address and NOT the
actual WINS server address here, it would reject it. Thanks a lot for your
help. Now I will try the trust and see what happens.
 
PBJ said:
Thanks but I did that, I've done that. Now what?
So what you are saying is they should come up automatically when I do the
"find by name *" since they are WINS clients, I shouldn't have to put static
entries into the WINS MMC? Not working, what else?

If they have SHARES that do not end in a dollar$ sign
they should.

If the servers and the clients are all WINS clients, and
if all of your WINS servers replicate then yes, they
will see the servers which offer (non-hidden$) shares.
 
Herb, now I see their domain in Network connections but there is nothing in
there, no DCs and no workstations, why not?
Shouldn't I at least see the DCs? Also I don't have to go to each PC to
enable WINS, do I? Can't I just point the DNS server to the WINS server
address? Thanks
 
PBJ said:
Herb, now I see their domain in Network connections but there is nothing in
there, no DCs and no workstations, why not?
Shouldn't I at least see the DCs? Also I don't have to go to each PC to
enable WINS, do I?

Possibly, but have you actually SHARED any resources?

Servers (in this sense it includes workstations that offer
shares) do not appear unless they offer some non-hidden
shares....

Can't I just point the DNS server to the WINS server
address?

What would that accomplish?


In general, all of your machines need to be WINS
clients, including the DCs and even the WINS server
itself.

This is largely separate and distinct from DNS.
 