Solved

Trust Relationship

Posted on 1998-09-26
2
1,068 Views
Last Modified: 2013-12-28
I have 2 Win NT 4.0 PDC's  connected over the WAN through VSAT's. I have not been able to achieve a Trust
Relationship between them. Both the PDC's have tried to establish the Trust Relationship in unison but still could not
do so.One of the PDC is not able to find the Domain Controller of the other.

What could be the reasons for the above ?

I would like you to note the following :
Both the PDC's are able to PING each other. I also have
a limited Bandwidth capacity.
0
Comment
Question by:legojoseph
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Mujeeb082598 earned 100 total points
ID: 1793079
Hi :)

I think the problem is in your Network Address Translater if u have on in your installation. Read along the following to clearify the mystry.

PSS ID Number: Q172227
Article last modified on 04-21-1998

SYMPTOMS
========

When you have a Network Address Translator (NAT) separating a Windows NT
domain controller from its domain members or other trusted domains,
Netlogon communication may fail. You will still be able to successfully
redirect a drive across the NAT, and  browse across the NAT, but logons
attempts and trusts may fail. For example:
 
 - When a client attempts to logon to the domain across the NAT, it may
   receive an error message similar to the following:
 
      A domain controller for your domain could not be contacted. You have
      been logged on using cached account information. Changes to your
      profile since you last logged on may not be available.
 
   -or-
 
 - When you attempt to establish a trust relationship between domains, you
   may receive an error message similar to the following:
 
      Could not find domain controller for this domain.
 
NOTE: The error messages and conditions may differ from the above, but it
will always be Netlogon communications that fail.
 
CAUSE
=====
 
Your NAT is not translating the source IP address from the NetBIOS header
in your network traffic.
 
RESOLUTION
==========
 
To successfully implement a Windows NT domain structure using a NAT, the
NAT will have to translate the addresses in NetBIOS datagram headers.
Please consult the vendor of your NAT for information on this issue.
 
STATUS
======
 
The third-party products discussed here are manufactured by vendors
independent of Microsoft; we make no warranty, implied or otherwise,
regarding these products' performance or reliability.
 
MORE INFORMATION
================
 
NATs are used in IP networks to translate addresses from one network to
another. For example, if an internal network used one of the non-routeable,
private network IDs from RFC1597, such as 10.0.0.0, you could use
a NAT to translate these addresses into a public IP address and route them
onto the Internet. When a packet comes back to the NAT, it retranslates the
address back to the private address of the originating host.
 
If you send a NetBIOS datagram, as the Netlogon process does, the NetBIOS
header contains the source IP address. The reply to this NetBIOS datagram
will be sent directly to this IP address that is found in the NetBIOS
header as defined in RFC1002, section 4.4. If the NAT only translates
addresses in the IP header, and not in the NetBIOS header, the packet may
be sent to the wrong address. In this example, the packet would be sent
back to the computer on the 10.0.0.0 network, which is a private address
and not routeable.
 
The following NetBIOS headers contain an Owner IP address field which may
require translation:
 
NetBIOS Name Management
-----------------------
 
 - Name Registration/Refresh/Release Request
 
 - Name Registration/Refresh/Release Response
 
 - Positive Name Query Response
 
NetBIOS Datagram
----------------
 
 - Datagram Service Header
 
 - Directed and Broadcast Datagram
 
 - Datagram Error Packet
 
NetBIOS datagrams are used for the following purposes:
 
 - Locating a logon server
 
 - Sending a logon request
 
 - Performing domain synchronization
 
 - Browser host name announcements
 
 - Browser workgroup/domain announcements
 
 - NetBIOS Master Browser Existence and Election Packets
 
 - NET SEND /d:<Domain> "Message"
0
 

Expert Comment

by:hkchoong
ID: 8582264
Mujeeb,

Recently I have setup the configuration mentioned by legojoseph. However, my setup involve one NT server and one Win2000 server. These servers are linked up VPN via a pair of Nokia firewall. I cannot setup the trust between the servers.

Do you think this problem is caused by NAT of the VPN ?

Please advise.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question