Solved

AD Win2k is not able to map drive on Win2003

Posted on 2006-06-12
14
289 Views
Last Modified: 2010-04-18
Basically, I have a Windows 2000 Domain on a subnet 172.22.38.xx and there is another Windows 2003 AD sitting on a subnet 172.22.88.xx... The servers have both a trusted relationship. When I am on the Windows 2003 server, I can map a network drive to any of my servers on Windows 2000 but when i am on the Windows 2000 Server .. any of my computer accts to joined to AD on Windows 2000 Server.. can't see any of the Windows 2003 servers even though I have a full trust relationship. Is there any policy on the Windows 2003 server that i need to change or modify so that my AD on Windows 2000 and all of the computer accounts can see the servers and members servers on the 2003 AD.

Does anyone have any suggestion.. or did i not make any sense at all.. :)
0
Comment
Question by:shoris
  • 7
  • 7
14 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 16887042
It's likely a DNS issue.

Create a Secondary Zone in DNS for the other domain.  Set it up to do Zone Transfers from the 2003 domain.  In the 2003 DNS you will need to allow zone transfers to the 2000 DNS secondary zone.

Let us know how you make out.
0
 

Author Comment

by:shoris
ID: 16887895
I have had the DNS setup on both servers.. that part is working.. Interesting enough.. i can map a drive from the Windows 2000 server to the Windows 2003 any member server.. but my PC connected (computer acct) belongs to Windows 2000 server, can't map any drives..

Any other thoughts?
0
 

Author Comment

by:shoris
ID: 16887913
to finish my sentence.. my computer joined to Windows server.. does not map to any of the windows 2003 member servers..nor i can see it in when view entire network..
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 51

Expert Comment

by:Netman66
ID: 16888135
You won't be able to see it in your Network Places since browsing across subnets requires WINS servers on both sides or a really good LMHOSTS file.

If you map using an IP address does it work?  Like: \\ip address of remote server\share.

0
 

Author Comment

by:shoris
ID: 16888383
ahhh.. that makes sense with the lmhosts file.. i thought the DNS would have done the trick..

I can ping the IP Address and the fully qualified name from my computer joined to the Windows 2000 domain.. no problem.. but even mapping with IP address and name.. does not see it.

So is this something where i should put an entry in the lmhosts file?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16889273
If you can't map by IP then there is something else going on.

You might want to see if they have SMB signing enabled on the other server.

0
 

Author Comment

by:shoris
ID: 16890358
oh ok.. How do i make sure that smb signing is enabled, where do i look whether its on the windows 2000 or i am sure your talking about windows 2003 where to enable this feature if necesary?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16890381
On the 2003 server - yes, it's enabled by default.

On the server:
1. Navigate to Start ->Administrative Tools -> Domain Controller Policy  (not "Domain Policy)
2. In the left hand pane choose Security Settings -> Local Policies -> Security Options -> Microsoft network server: Digitally sign communications (always).
3. Double-click the item and then change "Enabled" to Disabled".
4. Reboot the server.
0
 

Author Comment

by:shoris
ID: 16890447
ok... wow .. if this works..; your the geek. :)

i will definitely let you know tomorrow.
0
 

Author Comment

by:shoris
ID: 16896526
Didn't work.. :(
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 16896722
So, let's do a rundown.

You cannot connect by name or IP?

This suggests that there is something being blocked between them and you.  You need to allow a few ports.

I think you need 138, 139, 53, 445, 389 snd perhaps more.

0
 

Author Comment

by:shoris
ID: 16897182
Yes.. you were right about the ports.. fixed.. Nice job..

Now the only thing.. is that i can map the drive using the IP address.. but when i use the name.. of the ipaddress.. it doesn't work.. Any suggestions? netbios?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16897994
A few more ports I found are 636, 3268 and 3269.  There are a few more I'm tracking down.

If you are using VPN tunnels you can open it up completely between both sites as everything is in the tunnel and protected over the link.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 16898020
You may need to know this:  http://support.microsoft.com/kb/154596/en-us

This contains all the info you need:  http://support.microsoft.com/kb/832017/en-us

If you cannot connect by name then it's a resolution issue more than likely.

See how you make out.

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now