Solved

Trust Relationship

Posted on 1998-09-26
2
1,054 Views
Last Modified: 2013-12-28
I have 2 Win NT 4.0 PDC's  connected over the WAN through VSAT's. I have not been able to achieve a Trust
Relationship between them. Both the PDC's have tried to establish the Trust Relationship in unison but still could not
do so.One of the PDC is not able to find the Domain Controller of the other.

What could be the reasons for the above ?

I would like you to note the following :
Both the PDC's are able to PING each other. I also have
a limited Bandwidth capacity.
0
Comment
Question by:legojoseph
2 Comments
 
LVL 5

Accepted Solution

by:
Mujeeb082598 earned 100 total points
Comment Utility
Hi :)

I think the problem is in your Network Address Translater if u have on in your installation. Read along the following to clearify the mystry.

PSS ID Number: Q172227
Article last modified on 04-21-1998

SYMPTOMS
========

When you have a Network Address Translator (NAT) separating a Windows NT
domain controller from its domain members or other trusted domains,
Netlogon communication may fail. You will still be able to successfully
redirect a drive across the NAT, and  browse across the NAT, but logons
attempts and trusts may fail. For example:
 
 - When a client attempts to logon to the domain across the NAT, it may
   receive an error message similar to the following:
 
      A domain controller for your domain could not be contacted. You have
      been logged on using cached account information. Changes to your
      profile since you last logged on may not be available.
 
   -or-
 
 - When you attempt to establish a trust relationship between domains, you
   may receive an error message similar to the following:
 
      Could not find domain controller for this domain.
 
NOTE: The error messages and conditions may differ from the above, but it
will always be Netlogon communications that fail.
 
CAUSE
=====
 
Your NAT is not translating the source IP address from the NetBIOS header
in your network traffic.
 
RESOLUTION
==========
 
To successfully implement a Windows NT domain structure using a NAT, the
NAT will have to translate the addresses in NetBIOS datagram headers.
Please consult the vendor of your NAT for information on this issue.
 
STATUS
======
 
The third-party products discussed here are manufactured by vendors
independent of Microsoft; we make no warranty, implied or otherwise,
regarding these products' performance or reliability.
 
MORE INFORMATION
================
 
NATs are used in IP networks to translate addresses from one network to
another. For example, if an internal network used one of the non-routeable,
private network IDs from RFC1597, such as 10.0.0.0, you could use
a NAT to translate these addresses into a public IP address and route them
onto the Internet. When a packet comes back to the NAT, it retranslates the
address back to the private address of the originating host.
 
If you send a NetBIOS datagram, as the Netlogon process does, the NetBIOS
header contains the source IP address. The reply to this NetBIOS datagram
will be sent directly to this IP address that is found in the NetBIOS
header as defined in RFC1002, section 4.4. If the NAT only translates
addresses in the IP header, and not in the NetBIOS header, the packet may
be sent to the wrong address. In this example, the packet would be sent
back to the computer on the 10.0.0.0 network, which is a private address
and not routeable.
 
The following NetBIOS headers contain an Owner IP address field which may
require translation:
 
NetBIOS Name Management
-----------------------
 
 - Name Registration/Refresh/Release Request
 
 - Name Registration/Refresh/Release Response
 
 - Positive Name Query Response
 
NetBIOS Datagram
----------------
 
 - Datagram Service Header
 
 - Directed and Broadcast Datagram
 
 - Datagram Error Packet
 
NetBIOS datagrams are used for the following purposes:
 
 - Locating a logon server
 
 - Sending a logon request
 
 - Performing domain synchronization
 
 - Browser host name announcements
 
 - Browser workgroup/domain announcements
 
 - NetBIOS Master Browser Existence and Election Packets
 
 - NET SEND /d:<Domain> "Message"
0
 

Expert Comment

by:hkchoong
Comment Utility
Mujeeb,

Recently I have setup the configuration mentioned by legojoseph. However, my setup involve one NT server and one Win2000 server. These servers are linked up VPN via a pair of Nokia firewall. I cannot setup the trust between the servers.

Do you think this problem is caused by NAT of the VPN ?

Please advise.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now