troubleshooting Question

Cross Domain host resolution and authentication over a site to site vpn tunnel

Avatar of turner20
turner20Flag for Australia asked on
3 Comments2 Solutions1081 ViewsLast Modified:
Hi Experts,

My company (Comp_A) is currently working on a collaborative project with another company (Comp_B).  We have some of our staff sitting within their office (on laptops) connected to their network (not domain); the main file server is joined to Comp_B domain.  Our users have been issued with a user account on Comp_B's domain which they use to access the local network shares and print servers, but they also need to access the remote network shares in Comp_A domain.  The data on the file server in Comp_B domain will also need to be accessed from users over the WAN from Comp_A network. We have configured a Site-to-Site VPN to accomplish this, we can ping any host on each side of the VPN from the other but we cannot resolve hosts as yet on each side.  I did raise the idea of creating a trust between the two domains, but unfortunately the idea was rejected.    

I have two issues:-

1. What is the best way to configure the DNS in this scenario so my users in Comp_A domain can resolve hosts in Comp_B domain and vice versa?  I have thought about placing HOSTS files on my user’s laptops and workstations but it would not be ideal due to the number and rotation of the staff working on the collaborative project.  

2. My users (joined to Comp_A domain) when working on their laptops on Comp_B's network are being prompted for a username and password when they try and connect to network shares in Comp_A's network over the site to site VPN tunnel - i currently have temporary host file on the users laptops detailing Comp_A's hosts and ip's but they don't seem to be able to authenticate against the DC's - how can i achieve this over the vpn tunnel so they aren’t  prompted for a username and password each morning? (i would use vpn client software but we have WAN optimisers at each end of the tunnel so we need traffic to flow through the tunnel not over a vpn client connection for optimisation to work).  

Comp_A is running W2K8 with AD2008, Comp_B is running W2K3 with AD2003.
Comp_A has multiple subnets in the range, Comp_B has one subnet    

Any ideas would be appreciated....


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros