Can't Connect to Share on Other Domain by Name:

Hi.
We have 2 domains.

When I am in the new domain I can connect to any computer on the old domain except for one.

This one server is a 2008 x64 server. All others are 2003 or XP machines.

I can connect by using \\192.168.1.21 but not when I use \\ServerA.

I can't figure it out. I can use \\ComputerName to connect to any of the computers on the old domain except for this one.

Can someone help?
LVL 1
homerslmpsonAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
digitapConnect With a Mentor Commented:
If they are part of the same forest then they'll share some inherent rights.  However, the domains will be self contained and not much will be shared between the two domains.  If they are in separate forests, though, you'd need to establish a trust between the domains to allow proper connectivity.  The fact that you've only got one server giving you issues, says a trust isn't the source of the problem.

Have a look at 2008 SMB2.  Here is a link that talks about it and gives some steps to disable it.

http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm
0
 
khashayar01Commented:
how are the two domains connected? have you tried using \\ServerA.domainname.ext?
0
 
digitapCommented:
Is the 2008 server a DC?  It sounds like DNS isn't getting updated properly in the new domain.  Are you migrating to a new domain removing the old domain after migration?  If so, you could create a manual host (A) record on the DNS in the new domain as a work around until the old domain is gone.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
homerslmpsonAuthor Commented:
khashayar01:  
how are the two domains connected? have you tried using  \\ServerA.domainname.ext?
    -I just tried this now and it DOES work.  So the question now is how do I get it connect without having to type the full name?

digitap:
Is the 2008 server a DC?
    -No.  It is a normal application server.
It sounds like DNS isn't getting updated  properly in the new domain.  Are you migrating to a new domain removing  the old domain after migration?
     
-Yes. That is the plan.
If so, you could create a manual host  (A) record on the DNS in the new domain as a work around until the old  domain is gone.

     On the new domain? Explain.  What server am I adjusting the record?


0
 
khashayar01Commented:
to make it work without the full name just create an A record in the DNS of the new domain for the inaccessible server in the old domain.
0
 
digitapCommented:
On DNS in the new domain, create the A record for the server in the old domain.

   1. Start the DNS MMC snap-in (Start - Programs - Administrative Tools - DNS)
   2. Expand 'Forward Lookup Zones' and select the DNS domain you wish to add a record to
   3. Right click on the DNS domain zone and select 'New Host' from the context menu
   4. Enter the name and IP address for the record and if you want a reverse pointer to be created.
   5. Click Add Host

I wouldn't go to a lot of work to get FQDN to resolve correctly if the old domain is going away.  It'll just be something you'll have to remove later anyway.
0
 
homerslmpsonAuthor Commented:
It automatically appends the new domain name to the record.

There are forward lookup zones and reverse lookup zones.

They both contained the wrong record so I deleted them.  They were pointing the IP address and name of the server to the NEW domain.  It was on the new domain for a small time but was moved to the old domain.  Windows may have even been reinstalled on the server and placed in the old domain by default after the re-build.

Regardless, I have created a new reverse lookup "pointer" but that didn't seem to make much of a difference.  That was done before I posted the question.

How can I add a forward lookup zone pointing to the old domain when it's grayed out (see image)?

2.PNG
0
 
digitapCommented:
You could try creating an CNAME (alias).  Rather than slecting new host, select New Alias.  Type the server name then type the FQDN of the host.

Regardless, it should still resolve properly even if the fqdn isn't correct.  To test, you could create a host entry.
0
 
homerslmpsonAuthor Commented:
Didn't seem to help.  The error I get is shown in the image below.

I tried adding the CNAME file but no dice.

1.PNG
0
 
digitapCommented:
this is a credentials issue.  It's telling you that you don't have rights to access the resource.  When you attempted UNC access to the server, you should have gotten prompted for a username and password if the credentilas you were logged on with didn't have access to the resource.  The fact that you are getting the prompt tells me that DNS is resolving properly.

If you go to the command prompt and type nslookup servername does it resolve the IP address properly?
0
 
homerslmpsonAuthor Commented:
When I do a nslookup on the server on the new domain I get the following:

Name: ServerA.Domain.com      <-- this is good!
Address: 192.168.1.21        <--- this is good!
Aliases: ServerA.Domain.new      <--- this is a problem!

I am running this on the DC on the new domain (domain.new).

It still seems to think that this server is in some way connected to the new domain, but it isn't!
0
 
homerslmpsonAuthor Commented:
When I do a nslookup using the IP address it replies back the correct name (ServerA.Domain.com) but doesn't show the alias.

Like I mentioned earlier, when you type in the FQDN or the IP address it works properly.

There must be something somewhere that is still thinking this server is on the new domain.
0
 
digitapCommented:
Was the server ever a dc on the new domain?
0
 
homerslmpsonAuthor Commented:
No.  It was on the new domain for a short while but it was not a DC.
0
 
digitapCommented:
To me, it looks like DNS is resolving properly. Now, it seems it's an authentication issue.  You could be right about remnants of the server being in AD.  I'd be interested to know if a client on the new domain (not the DC) would get the same error when trying to access network shares.  I'd setup a client in this manner, create an account in both domains that match username and password.  Then try to access the server.  The research I've done on the error in the screen shot seemed to point to issues when access network shares on servers in a domain different from the DC in which the server belongs.
0
 
homerslmpsonAuthor Commented:
The reason this whole thing came up was because we map 2 network drives to the server on this domain.

When my boss joined the new domain (for testing), he noticed that all drives were mapped successfully except for the 2 drives shared from this server.

I don't think it matters what user tries to access the share.

I logged on as myself and I get the same error.

The drives now map correctly because I changed the logon script to map these 2 drives using the FQDN.

I would still like to know what is causing this.

I almost feel as if this is happening because of the server OS.  This is the only server in our domain running Server 2008.  All other servers are 2003.

Maybe some new security settings within the OS are preventing this?
0
 
digitapCommented:
I'll ask a friend of mine to review this here on EE.  I've not seen any of the event logs that would shed a lot of light on what's going on.
0
 
digitapCommented:
Is the new domain part of the same forest as the old domain?
0
 
homerslmpsonAuthor Commented:
I believe so.  There is some type of trust relationship between the 2 domains.

The original domain is DomainA.com and the new domain is DomainA.local (if that helps at all).
0
 
digitapCommented:
Was it SMB2?
0
 
homerslmpsonAuthor Commented:
Yeah. Thanks for your help!
0
 
digitapCommented:
Excellent...glad I could help and thanks for the points!
0
All Courses

From novice to tech pro — start learning today.