Solved

Trust Relationship

Posted on 1998-09-26
Last Modified: 2013-12-28
I have 2 Win NT 4.0 PDCs connected over the WAN through VSATs. I have not been able to achieve a Trust Relationship between them. Both the PDCs have tried to establish the Trust Relationship in unison but still could not do so. One of the PDCs is not able to find the Domain Controller of the other.

What could be the reasons for the above?

I would like you to note the following:
Both the PDCs are able to PING each other. I also have a limited bandwidth capacity.
Question by:legojoseph
Accepted Solution

by:
Mujeeb082598 earned 200 total points
ID: 1793079
Hi :)

I think the problem is in your Network Address Translator, if you have one in your installation. Read the following to clarify the mystery.

PSS ID Number: Q172227
Article last modified on 04-21-1998

SYMPTOMS
========

When you have a Network Address Translator (NAT) separating a Windows NT
domain controller from its domain members or other trusted domains,
Netlogon communication may fail. You will still be able to successfully
redirect a drive across the NAT, and browse across the NAT, but logon
attempts and trusts may fail. For example:
 
 - When a client attempts to logon to the domain across the NAT, it may
   receive an error message similar to the following:
 
      A domain controller for your domain could not be contacted. You have
      been logged on using cached account information. Changes to your
      profile since you last logged on may not be available.
 
   -or-
 
 - When you attempt to establish a trust relationship between domains, you
   may receive an error message similar to the following:
 
      Could not find domain controller for this domain.
 
NOTE: The error messages and conditions may differ from the above, but it
will always be Netlogon communications that fail.
 
CAUSE
=====
 
Your NAT is not translating the source IP address from the NetBIOS header
in your network traffic.
 
RESOLUTION
==========
 
To successfully implement a Windows NT domain structure using a NAT, the
NAT will have to translate the addresses in NetBIOS datagram headers.
Please consult the vendor of your NAT for information on this issue.
 
STATUS
======
 
The third-party products discussed here are manufactured by vendors
independent of Microsoft; we make no warranty, implied or otherwise,
regarding these products' performance or reliability.
 
MORE INFORMATION
================
 
NATs are used in IP networks to translate addresses from one network to
another. For example, if an internal network used one of the non-routeable,
private network IDs from RFC1597, such as 10.0.0.0, you could use
a NAT to translate these addresses into a public IP address and route them
onto the Internet. When a packet comes back to the NAT, it retranslates the
address back to the private address of the originating host.
 
If you send a NetBIOS datagram, as the Netlogon process does, the NetBIOS
header contains the source IP address. The reply to this NetBIOS datagram
will be sent directly to this IP address that is found in the NetBIOS
header as defined in RFC1002, section 4.4. If the NAT only translates
addresses in the IP header, and not in the NetBIOS header, the packet may
be sent to the wrong address. In this example, the packet would be sent
back to the computer on the 10.0.0.0 network, which is a private address
and not routeable.
 
The following NetBIOS headers contain an Owner IP address field which may
require translation:
 
NetBIOS Name Management
-----------------------
 
 - Name Registration/Refresh/Release Request
 
 - Name Registration/Refresh/Release Response
 
 - Positive Name Query Response
 
NetBIOS Datagram
----------------
 
 - Datagram Service Header
 
 - Directed and Broadcast Datagram
 
 - Datagram Error Packet
 
NetBIOS datagrams are used for the following purposes:
 
 - Locating a logon server
 
 - Sending a logon request
 
 - Performing domain synchronization
 
 - Browser host name announcements
 
 - Browser workgroup/domain announcements
 
 - NetBIOS Master Browser Existence and Election Packets
 
 - NET SEND /d:<Domain> "Message"
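
A diagnostic sketch of the mismatch the article describes, added here as an example and not part of the original post or the Microsoft article: it parses the fixed part of the NetBIOS datagram service header (RFC 1002, section 4.4) from a captured UDP port 138 payload and compares the embedded source IP with the IP-header source the receiver saw. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# Fixed start of every NetBIOS datagram service header (RFC 1002, section 4.4):
# MSG_TYPE(1) FLAGS(1) DGM_ID(2) SOURCE_IP(4) SOURCE_PORT(2), network byte order.
NBDGM_HEADER = struct.Struct("!BBH4sH")
MSG_TYPES = {
    0x10: "DIRECT_UNIQUE", 0x11: "DIRECT_GROUP", 0x12: "BROADCAST",
    0x13: "DATAGRAM_ERROR", 0x14: "QUERY_REQUEST",
    0x15: "POSITIVE_QUERY_RESPONSE", 0x16: "NEGATIVE_QUERY_RESPONSE",
}
# Private address blocks (the RFC 1597 ranges the article refers to).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nbdgm_header(udp_payload):
    """Decode the fixed header fields; reject short or unknown packets."""
    if len(udp_payload) < NBDGM_HEADER.size:
        raise ValueError("payload shorter than NetBIOS datagram header")
    msg_type, flags, dgm_id, src_ip, src_port = NBDGM_HEADER.unpack_from(udp_payload)
    if msg_type not in MSG_TYPES:
        raise ValueError("unknown MSG_TYPE 0x%02x" % msg_type)
    return {"msg_type": MSG_TYPES[msg_type], "flags": flags, "dgm_id": dgm_id,
            "source_ip": ipaddress.ip_address(src_ip), "source_port": src_port}

def check_nat_translation(ip_header_src, udp_payload):
    """Compare the IP-header source with the source IP inside the NetBIOS header."""
    embedded = parse_nbdgm_header(udp_payload)["source_ip"]
    if embedded == ipaddress.ip_address(ip_header_src):
        return "consistent"
    # The NAT rewrote the IP header but left a private address in the NetBIOS
    # header, so replies addressed to it cannot be routed back.
    if any(embedded in net for net in PRIVATE_NETS):
        return "untranslated-private"
    return "mismatch"

def build_sample(embedded_src):
    """Constructed sample: DIRECT_GROUP datagram header with empty body fields."""
    fixed = NBDGM_HEADER.pack(0x11, 0x02, 0x1234,
                              ipaddress.ip_address(embedded_src).packed, 138)
    return fixed + struct.pack("!HH", 0, 0)  # DGM_LENGTH, PACKET_OFFSET

if __name__ == "__main__":
    # Receiver saw 203.0.113.10 in the IP header; the NetBIOS header says 10.0.0.5.
    print(check_nat_translation("203.0.113.10", build_sample("10.0.0.5")))
```
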

Expert Comment

by:hkchoong
ID: 8582264
Mujeeb,

Recently I have set up the configuration mentioned by legojoseph. However, my setup involves one NT server and one Win2000 server. These servers are linked up by VPN via a pair of Nokia firewalls. I cannot set up the trust between the servers.

Do you think this problem is caused by NAT of the VPN?

Please advise.