shoris
asked on
AD Win2k is not able to map drive on Win2003
Basically, I have a Windows 2000 Domain on a subnet 172.22.38.xx and there is another Windows 2003 AD sitting on a subnet 172.22.88.xx... The servers have both a trusted relationship. When I am on the Windows 2003 server, I can map a network drive to any of my servers on Windows 2000 but when i am on the Windows 2000 Server .. any of my computer accts to joined to AD on Windows 2000 Server.. can't see any of the Windows 2003 servers even though I have a full trust relationship. Is there any policy on the Windows 2003 server that i need to change or modify so that my AD on Windows 2000 and all of the computer accounts can see the servers and members servers on the 2003 AD.
Does anyone have any suggestion.. or did i not make any sense at all.. :)
Does anyone have any suggestion.. or did i not make any sense at all.. :)
ASKER
I have had the DNS setup on both servers.. that part is working.. Interesting enough.. i can map a drive from the Windows 2000 server to the Windows 2003 any member server.. but my PC connected (computer acct) belongs to Windows 2000 server, can't map any drives..
Any other thoughts?
Any other thoughts?
ASKER
to finish my sentence.. my computer joined to Windows server.. does not map to any of the windows 2003 member servers..nor i can see it in when view entire network..
You won't be able to see it in your Network Places since browsing across subnets requires WINS servers on both sides or a really good LMHOSTS file.
If you map using an IP address does it work? Like: \\ip address of remote server\share.
If you map using an IP address does it work? Like: \\ip address of remote server\share.
ASKER
ahhh.. that makes sense with the lmhosts file.. i thought the DNS would have done the trick..
I can ping the IP Address and the fully qualified name from my computer joined to the Windows 2000 domain.. no problem.. but even mapping with IP address and name.. does not see it.
So is this something where i should put an entry in the lmhosts file?
I can ping the IP Address and the fully qualified name from my computer joined to the Windows 2000 domain.. no problem.. but even mapping with IP address and name.. does not see it.
So is this something where i should put an entry in the lmhosts file?
If you can't map by IP then there is something else going on.
You might want to see if they have SMB signing enabled on the other server.
You might want to see if they have SMB signing enabled on the other server.
ASKER
oh ok.. How do i make sure that smb signing is enabled, where do i look whether its on the windows 2000 or i am sure your talking about windows 2003 where to enable this feature if necesary?
On the 2003 server - yes, it's enabled by default.
On the server:
1. Navigate to Start ->Administrative Tools -> Domain Controller Policy (not "Domain Policy)
2. In the left hand pane choose Security Settings -> Local Policies -> Security Options -> Microsoft network server: Digitally sign communications (always).
3. Double-click the item and then change "Enabled" to Disabled".
4. Reboot the server.
On the server:
1. Navigate to Start ->Administrative Tools -> Domain Controller Policy (not "Domain Policy)
2. In the left hand pane choose Security Settings -> Local Policies -> Security Options -> Microsoft network server: Digitally sign communications (always).
3. Double-click the item and then change "Enabled" to Disabled".
4. Reboot the server.
ASKER
ok... wow .. if this works..; your the geek. :)
i will definitely let you know tomorrow.
i will definitely let you know tomorrow.
ASKER
Didn't work.. :(
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes.. you were right about the ports.. fixed.. Nice job..
Now the only thing.. is that i can map the drive using the IP address.. but when i use the name.. of the ipaddress.. it doesn't work.. Any suggestions? netbios?
Now the only thing.. is that i can map the drive using the IP address.. but when i use the name.. of the ipaddress.. it doesn't work.. Any suggestions? netbios?
A few more ports I found are 636, 3268 and 3269. There are a few more I'm tracking down.
If you are using VPN tunnels you can open it up completely between both sites as everything is in the tunnel and protected over the link.
If you are using VPN tunnels you can open it up completely between both sites as everything is in the tunnel and protected over the link.
You may need to know this: http://support.microsoft.com/kb/154596/en-us
This contains all the info you need: http://support.microsoft.com/kb/832017/en-us
If you cannot connect by name then it's a resolution issue more than likely.
See how you make out.
This contains all the info you need: http://support.microsoft.com/kb/832017/en-us
If you cannot connect by name then it's a resolution issue more than likely.
See how you make out.
Create a Secondary Zone in DNS for the other domain. Set it up to do Zone Transfers from the 2003 domain. In the 2003 DNS you will need to allow zone transfers to the 2000 DNS secondary zone.
Let us know how you make out.