Dear all,

I have a MS windows 2003 Domain called "A" and SMS 2003 installed on it. I have a secodn windows 2000 domain called "B" without SMS. There is a firewall to separate them. There is no any relationship between Domain "A" and Domain "B".

I need to install in a PC, in the Domain "B", the SMS console and take remote control of PCs and Servers in the domain "A". The only restriction that I have is do not create trust relationships.

What I need to accomplish this mission? (I mean, first of all, it is possible? which firewall ports I need to open? what name I should provide for site server when installing the console in the Domain "B" pc?)

Please, please, HEEEEEEELP!!!

Thank you very very much in advance
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Walter PadrónCommented:

I don't have a lab to test the configuration but i think this article could help you, also they explain how to set an lmhosts file to resolve NetBIOS names in other domains.

"Ports that Systems Management Server 2003 uses to communicate through a firewall or through a proxy server"

good luck!
CJRODRIGAuthor Commented:
Thanks wpadron, I'll test it tomorrow and I let you know what happened.. seems to be the right article.
Walter PadrónCommented:

We are evaluating SP2. Quoted from the "Systems Management Server 2003 Service Pack 2 Overview"

"Instead of using the previously required 15-character NetBIOS computer name, you can now enter an FQDN value for site server name"

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

CJRODRIGAuthor Commented:

Unfortunately, I opened all ports described in your previous post but didn't work. Maybe because I have a console behind the firewall instead the SMS primery site server.

my topology looks like this:

COMPANY B DOMAIN                                               COMPANY A DOMAIN
Helpdesk PC ------------firewall  ------------ Firewall -------- SMS site ---- SMS DB
SMS Console             company B            Company A          server           server

Company B has no SMS.

Any Idea?

Walter PadrónCommented:

Maybe is the resolution process, you should test if you can resolve your SMS server IP from a Netbios name.
Also recheck in both firewalls if something is blocked from/to your SMS server, besides ports described by Microsoft ;)

CJRODRIGAuthor Commented:
Hey guys, I think we got an advace on this. I'm getting this error on the SMS Site Server:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            5/18/2006
Time:            5:02:16 PM
User:            NT AUTHORITY\SYSTEM
Computer:      SMS_SERVER_DOMAIN_A
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      username_in_domain_b
       Domain:            DOMAIN_B
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      Computer_name_in_domain_B
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      computer-IP-Address-on-domain-b
       Source Port:      4552

For more information, see Help and Support Center at

How can I do to validate domain b users in a domain A server without a trust????
Walter PadrónCommented:
You can't.

Logon on Computer_name_in_domain_B with username_in_domain_A
CJRODRIGAuthor Commented:
I couldn't logon on Computer_in_domain_b with domain A credentials because the username is unknown by domain B. So do you think that it is impossible to do without a trust?

Do you know if there is way to use another authentication type (as in SQL that uses integrated or its own authentication method) for SMS?

Walter PadrónCommented:

You can't logon because Computer_in_domain_b doesn't know how to reach Domain_Controllers_in_domain_a or the domain_a. Configure an LMHosts file

And no, i don't know of another authentication type.

CJRODRIGAuthor Commented:
No way to make it work without a bidirectional trust relationship... I modified LMHOSTS and HOSTS files, opened firewall ports described in MS article but no results...

Any other Idea?
CJRODRIGAuthor Commented:
Ideas please????
CJRODRIGAuthor Commented:
I'm still having this issue and I'm waiting for another Idea/solution to make it work.
It looks like you answered the Q yourself, with the tip of the others, and you need a trust to get it to work. Without that it isn't possible. Based on that you won't get another answer, so I suggest you either close the Q and distribute points however you think is correct, or follow the instructions in my link above to get a refund and get the question closed.
PAQed with points refunded (500)

Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.