Solved

Trust Relationship

Posted on 1998-09-26
2
1,058 Views
Last Modified: 2013-12-28
I have 2 Win NT 4.0 PDC's  connected over the WAN through VSAT's. I have not been able to achieve a Trust
Relationship between them. Both the PDC's have tried to establish the Trust Relationship in unison but still could not
do so.One of the PDC is not able to find the Domain Controller of the other.

What could be the reasons for the above ?

I would like you to note the following :
Both the PDC's are able to PING each other. I also have
a limited Bandwidth capacity.
0
Comment
Question by:legojoseph
2 Comments
 
LVL 5

Accepted Solution

by:
Mujeeb082598 earned 100 total points
ID: 1793079
Hi :)

I think the problem is in your Network Address Translater if u have on in your installation. Read along the following to clearify the mystry.

PSS ID Number: Q172227
Article last modified on 04-21-1998

SYMPTOMS
========

When you have a Network Address Translator (NAT) separating a Windows NT
domain controller from its domain members or other trusted domains,
Netlogon communication may fail. You will still be able to successfully
redirect a drive across the NAT, and  browse across the NAT, but logons
attempts and trusts may fail. For example:
 
 - When a client attempts to logon to the domain across the NAT, it may
   receive an error message similar to the following:
 
      A domain controller for your domain could not be contacted. You have
      been logged on using cached account information. Changes to your
      profile since you last logged on may not be available.
 
   -or-
 
 - When you attempt to establish a trust relationship between domains, you
   may receive an error message similar to the following:
 
      Could not find domain controller for this domain.
 
NOTE: The error messages and conditions may differ from the above, but it
will always be Netlogon communications that fail.
 
CAUSE
=====
 
Your NAT is not translating the source IP address from the NetBIOS header
in your network traffic.
 
RESOLUTION
==========
 
To successfully implement a Windows NT domain structure using a NAT, the
NAT will have to translate the addresses in NetBIOS datagram headers.
Please consult the vendor of your NAT for information on this issue.
 
STATUS
======
 
The third-party products discussed here are manufactured by vendors
independent of Microsoft; we make no warranty, implied or otherwise,
regarding these products' performance or reliability.
 
MORE INFORMATION
================
 
NATs are used in IP networks to translate addresses from one network to
another. For example, if an internal network used one of the non-routeable,
private network IDs from RFC1597, such as 10.0.0.0, you could use
a NAT to translate these addresses into a public IP address and route them
onto the Internet. When a packet comes back to the NAT, it retranslates the
address back to the private address of the originating host.
 
If you send a NetBIOS datagram, as the Netlogon process does, the NetBIOS
header contains the source IP address. The reply to this NetBIOS datagram
will be sent directly to this IP address that is found in the NetBIOS
header as defined in RFC1002, section 4.4. If the NAT only translates
addresses in the IP header, and not in the NetBIOS header, the packet may
be sent to the wrong address. In this example, the packet would be sent
back to the computer on the 10.0.0.0 network, which is a private address
and not routeable.
 
The following NetBIOS headers contain an Owner IP address field which may
require translation:
 
NetBIOS Name Management
-----------------------
 
 - Name Registration/Refresh/Release Request
 
 - Name Registration/Refresh/Release Response
 
 - Positive Name Query Response
 
NetBIOS Datagram
----------------
 
 - Datagram Service Header
 
 - Directed and Broadcast Datagram
 
 - Datagram Error Packet
 
NetBIOS datagrams are used for the following purposes:
 
 - Locating a logon server
 
 - Sending a logon request
 
 - Performing domain synchronization
 
 - Browser host name announcements
 
 - Browser workgroup/domain announcements
 
 - NetBIOS Master Browser Existence and Election Packets
 
 - NET SEND /d:<Domain> "Message"
0
 

Expert Comment

by:hkchoong
ID: 8582264
Mujeeb,

Recently I have setup the configuration mentioned by legojoseph. However, my setup involve one NT server and one Win2000 server. These servers are linked up VPN via a pair of Nokia firewall. I cannot setup the trust between the servers.

Do you think this problem is caused by NAT of the VPN ?

Please advise.
0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now