DNS WINS trusted domains and IIS

  • Thread starter Thread starter James
  • Start date Start date
J

James

We have a windows 2k domain (ADOMAIN) with a DNS server
and a WINS server. A trusted domain (TDOMAIN) resolved
their addresses from these same DNS and WINS servers.

An IIS server with host header name on ADOMAIN has an
alias on the DNS server and users from within ADOMAIN can
ping the alias and use the web site it points to, simply
by doing a ping alias or http://alias. Users on the
TDOMAIN can ping the alias only if they ping
Alias.Adomain, pinging alias fails. They can not access
the alias web site by doing http://alias.adomain or
http://alias.

The DNS server and the WINS server have an entry for the
Internal web server and the trusted domain users are able
to ping and access the default web page.

If I add a host file entry to a trusted domain user pc
then they can access the alias web site without
incident. I am trying to avoid using host files though.

It sounds like the trusted domain is attempting to use
the WINS server for resolution. How can I get it to use
the DNS server and/or have the trusted domain users able
to type in http://alias?
 
In
James said:
We have a windows 2k domain (ADOMAIN) with a DNS server
and a WINS server. A trusted domain (TDOMAIN) resolved
their addresses from these same DNS and WINS servers.

An IIS server with host header name on ADOMAIN has an
alias on the DNS server and users from within ADOMAIN can
ping the alias and use the web site it points to, simply
by doing a ping alias or http://alias. Users on the
TDOMAIN can ping the alias only if they ping
Alias.Adomain, pinging alias fails. They can not access
the alias web site by doing http://alias.adomain or
http://alias.

The DNS server and the WINS server have an entry for the
Internal web server and the trusted domain users are able
to ping and access the default web page.

If I add a host file entry to a trusted domain user pc
then they can access the alias web site without
incident. I am trying to avoid using host files though.

It sounds like the trusted domain is attempting to use
the WINS server for resolution. How can I get it to use
the DNS server and/or have the trusted domain users able
to type in http://alias?
Click to expand...

Unfortunately IE will not use DNS if accessing it by http://singlename,
alias or not. It will use NetBIOS. Matter of fact it will use your current
logged on user account for authentication and it will not prompt for the
logon box if going outside your domain, unless it's a trusted domain and the
user account as been granted permissions on the website properties or in
NTFS on the folder.

IE is designed to use an FQDN, such as http://www.domain.com or
http://servername.domain.com. If using an FQDN, it will prompt for a logon
box if needed.

I noticed you are giving examples of http://alias.addomain. Is there not a
TLD on the end of it, such as .com or .net, etc? If so, this is a single
label name and can cause numreous issues with AD, especially with SP4.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Thanks for the response Ace, I appreciate it.

Do you think you could clarify the resolution process of
Adomain http://alias successful vs Tdomain http://alias
failed?

we would actually be adomain.com...

Thanks again,

-----Original Message-----
In James <[email protected]> posted their thoughts, then I
offered mine

Unfortunately IE will not use DNS if accessing it by http://singlename,
alias or not. It will use NetBIOS. Matter of fact it will use your current
logged on user account for authentication and it will not prompt for the
logon box if going outside your domain, unless it's a trusted domain and the
user account as been granted permissions on the website properties or in
NTFS on the folder.

IE is designed to use an FQDN, such as
Click to expand...
http://www.domain.com or
http://servername.domain.com. If using an FQDN, it will prompt for a logon
box if needed.

I noticed you are giving examples of
Click to expand...
http://alias.addomain. Is there not a
 
Well, like I said, IE won't work that way with Aliases. Normally I don't
recommend (as well as most others here too) not to use CNAMES (aliases). IE
doesn't use them. When you ping it will suffix your search suffix (do an
ipconfig /all to see the Primary DNS Suffix and the DNS Search Suffix) to
the single name and will attempt to resolve it that way. So to answer your
question, when you ping, it depends on your search suffix. For IE, this
doesn't count.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top