Dear Rob,
Thank you for your post.
My name is Laura and it is my pleasure to work with you on this post. I
understand that you connected two domains with IPSec link. Domain B needs
to access all resources in the domain A and the DNS and WINS settings point
to the WINS and DNS servers of the domain A. However, users in the Domain B
can only ping servers in domain A by IP but not by netbios name.
To trouble shooting this problem efficiently, please answer the following
questions so that I can have a better idea as to the exact problem:
- Do the two domains trust each other?
- Which NetBIOS node-type do you use for the client computers in the domain
B?
- What is the result when you run "ipconfig /all" on the computers in the
domain B?
- Please check whether the DNS and WINS server information is configured
properly on the domain B machines.
In addition, please check the following items:
- Please ensure that the firewall enables the NetBIOS resolution protocol
to go through. NetBIOS uses TCP 139 & UDP 137/138 port.
- Computers that need to use IP Security Protocol (IPSec) for secure
communications must authenticate themselves before establishing an IPSec
session. If the computers belong to different domains in the same forest,
you can still use Kerberos if there is a trust established between the
domains. If there is no trust between the domains, you should use
certificates to authenticate the computers.
Please refer to the following Microsoft Knowledge Base article for the
recommended configuration:
248694 Configuring IPSec to Handle Trusted and Untrusted Domain
Authentication
http://support.microsoft.com/?id=248694
More Information
-------------------
119493 NetBIOS over TCP/IP Name Resolution and WINS
http://support.microsoft.com/?id=119493
160177 Default Node Type for Microsoft Clients
http://support.microsoft.com/?id=160177
If you have any questions or concerns, please feel free to let me know. I
am glad to be of assistance.
Have a nice day!
Best regards,
Laura Zhang
Microsoft Online Support Engineer
Get Secure! - <
www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "rob" <
[email protected]>
| Sender: "rob" <
[email protected]>
| Subject: Name resolution question
| Date: Tue, 12 Aug 2003 13:54:29 -0700
| Lines: 14
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcNhE+yphv2V0EF6Tnu/iFoA4d5Gdw==
| Newsgroups: microsoft.public.win2000.ras_routing
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.ras_routing:6457
| NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
| X-Tomcat-NG: microsoft.public.win2000.ras_routing
|
| I have two dominos with a IPSec link.
| Users on DomainB need to have access to all resources
| including Exchange Server on domainA.
| Seetings for DomainB:
| Their DNS and WINS settings point to DomainA WINS and DNS
| servers.
|
| Users on DomainB can ping any servers on domainA by IP but
| not by netbios name.
|
| Any idea how I can fix this problem.
|
| Thanks-Rob
|
|