I have a slight problem with a domain controller; basically I can't connect to it.
However, it gets a bit stranger than just that.
The DC in question is on an alternate subnet in a different domain completely from our main domain controllers; however, it is on the same subnet as one of our DCs.
If you try to connect to it from the subnet it's on there is no problem (all the trust relationships between the two domains have been set, and from the dodgy DC you can connect to all the other DCs in the alternate domain across all the different subnets).
However, during my investigations into this I noticed that from a different subnet I get an error 22 in the SMB connection (Network Monitor) and it doesn't seem to connect to the IPC$ share.
Now, to fix this so this DC is viewable/accessible from different subnets, do I need to add an additional DC to the other networks, or am I missing something totally obvious here?

Sounds like there may be some routing/firewall issues on your network.
Have you checked to see if all ports are opened? Is your network fully routed, or is network address translation used on one of the routers along the way?
If it works on the local site but fails on the remote, you really need to investigate connectivity.

That's what I thought, but we have a second domain (well, our primary) that works fine across the sites. Although all the return packets seem to have the Cisco router's MAC address on them.
Unfortunately I don't have console access to these routers (managed network).
The default gateway is the firewall, but there is nothing in the logs regarding it blocking the IP; however, that does give me an idea.
I'll try setting a static route for the network block in question.

As far as I'm aware there is no NAT going on; it's all on a private network address range, so it should all be routed fine.
Although in the Network Monitor logs the MAC the return traffic is coming from is a Cisco MAC address.
I don't have console access to the routers, so I don't know how they are set up (managed WAN).
Although the strange thing is the other domain we have runs fine across these links.
I can gain access to network resources on the DC, but I can't run any of the management interfaces on it unless I'm on the same local LAN.

It really sounds like NAT is being used on that Cisco router. That is the only reason a Netmon trace would show the router's MAC as the source/destination of a packet.
It's possible, by port forwarding correctly, to get one of those machines to work across a NAT, but a second DC I don't believe would be possible.
The Cisco router will need to be modified to turn off NAT and route packets normally.

I've spoken with BT and they assure me there is no NAT on the router, and he is checking out the router (I hope).
However, I have been doing some checking.
If I use ntdsutil to connect to the remote LDAP server I get "server down".
However, if I telnet to the port it runs on I get a response (not a good one, but the connection stays up).
It's not an authentication issue, and according to the server it's not listed in the deny IP list.
Although if it were running NAT that would explain the telnet thing, it wouldn't explain being able to map the different drives or remote to the computers.
Would it make much difference if this DC used to be on a different IP address?
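
As an added example (not from any of the thread's posters), a PowerShell check one could run from the remote subnet to separate "port blocked" from "TCP reachable but the service does not answer", which is the distinction the telnet and ntdsutil results above point at, and to see which router hop sits between the client and the DC. `dc1.alt.example.local` and `alt.example.local` are placeholders; dcdiag assumes the AD DS tools are installed on the machine running it.

```powershell
# Added example: probe the ports a client or admin tool needs on a DC, from the remote subnet.
# $Dc and $Domain are placeholders; replace with the real DC FQDN and its domain.
$Dc     = 'dc1.alt.example.local'
$Domain = 'alt.example.local'

# Fixed TCP ports a domain member or admin tool needs on a DC. The dynamic RPC range
# negotiated after the endpoint-mapper (135) handshake is not covered by a fixed-port
# test and is the usual casualty of NAT or a narrow firewall rule.
$Ports = @{ 445 = 'SMB'; 135 = 'RPC-EPM'; 389 = 'LDAP'; 636 = 'LDAPS'; 88 = 'Kerberos'; 53 = 'DNS'; 3268 = 'GC' }

foreach ($p in ($Ports.Keys | Sort-Object)) {
    $r = Test-NetConnection -ComputerName $Dc -Port $p -WarningAction SilentlyContinue
    '{0,-9} {1,5}  TCP connect: {2}' -f $Ports[$p], $p, $r.TcpTestSucceeded
}

# Show the path: each hop is a router; the last one before the DC is the device whose
# configuration (NAT, ACLs) would need checking with the WAN provider.
(Test-NetConnection -ComputerName $Dc -TraceRoute -WarningAction SilentlyContinue).TraceRoute

# A TCP connect that succeeds on 389 while LDAP tools report "server down" points above
# layer 4. Ask the DC locator to find a DC for the domain over the trust, then run
# dcdiag's connectivity test against the specific DC (both are standard Windows tools).
nltest /dsgetdc:$Domain /force
dcdiag /s:$Dc /test:Connectivity
```

If 445 and 389 connect but dcdiag's connectivity test fails, compare the output with the same commands run from the DC's own subnet before concluding a second DC is needed.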