Link to home
Start Free TrialLog in
Avatar of nherron
nherron

asked on

NT domain trust across a cisco router

I think this is probably a pretty straightforward problem, but I've failed to get it:
I have domains sam and smc separated by a cisco 2621.  smc has some resources that sam must use.  I've added helper-addresses for the broadcast channel and the pdc of the other side to each of my ports.  I've enabled directed-broadcast and added forward-protocol for the udp 137/138 that pass NetBIOS.  However, I still get the "unable to locate domain controller" when I set up the trust relationship.  Any ideas?
Avatar of posivibe
posivibe
Flag of Canada image
Open up port 139 as well.
Avatar of posivibe
posivibe
Flag of Canada image
Here's the Qbase article for the whole story:

http://support.microsoft.com/support/kb/articles/Q179/4/42.ASP

Port 135 for RPC calls should be opened as well.  We just set up a similar network last week but didn't need 135 for our purpose.
Avatar of Tim Holman
Tim Holman
Flag of United Kingdom of Great Britain and Northern Ireland image
Opening these ports will stuff up your browsing :

http://support.microsoft.com/support/kb/articles/Q135/4/64.asp?LNG=ENG&SA=ALLKB&FR=0

+if you use Cisco's IP helper, look at :

http://support.microsoft.com/support/kb/articles/Q190/9/30.ASP

You need the 139 nbsession port to establish a session to create the trust account.
ASKER CERTIFIED SOLUTION
Avatar of scottriley
scottriley
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of posivibe
posivibe
Flag of Canada image
nherron???? have you tried any of our suggestion?  is it fixed?
Avatar of Tim Holman
Tim Holman
Flag of United Kingdom of Great Britain and Northern Ireland image
*gobsmacked*
Avatar of scottriley
scottriley
Why Gobsmacked Tim?
Avatar of posivibe
posivibe
Flag of Canada image
I find that an interesting accepted answer because without port 139 you would be unable to create a trust.