Solved

File share access problems across two Windows 2008 domains

Posted on 2011-09-08
4
540 Views
Last Modified: 2014-01-23
Hi Experts
I’m having a huge problem getting users in a Windows 2008 domain to access folders on a file share in another Windows 2008 domain.  One domain consists of servers in a DMZ; the other domain is for all the internal servers.  There is a one-way trust between the domains.  The internal domain can access resources on the DMZ domain but not the other way around.  A few user accounts that are located in the DMZ domain need access to files on the internal domain.  I created a Universal Group on the DMZ domain and added the appropriate users.  I then created a Domain Local Group on the internal domain and added the DMZ group to it.  I then assigned the appropriate permissions so that the Domain Local Group had access to the folders on the file share.  In theory I thought this would work but it doesn’t.

To test I logged into one of the DMZ servers with a user account that has permissions to the internal domain file share.  When I try to access the file share I get prompted for login credentials.  I assume I shouldn’t be prompted since the user has permissions to the internal file share.  When I add the login credentials I get the following error – “Login unsuccessful: The user name you have typed is the same as the user name you logged in with.  That user has already been tried.  A domain controller cannot be found to verify that user name.”  The user account is on the DMZ domain not on the internal Domain so if the file share is trying to verify the account on the internal domain it will fail.  What am I doing wrong?  Since there is a domain trust should the user accounts from the DMZ domain be in AD on the internal domain?  Our network administrator quit on Friday and Active Directory isn’t my area of expertise.  Any help that you could provide would be greatly appreciated.

Thanks!
0
Comment
Question by:steno1122
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:hvillanu
ID: 36508231
Hi,
You successfully create the trust between domains and validate it, right?
Well maybe you need to check the firewall rules between servers.
To check what's going on Install Network Monitor to monitoring/verify network traffic http://www.microsoft.com/download/en/details.aspx?id=4865

Also do a ping to domain-name from one server to another and vice-versa to verify dns/netbios resolution.

On my opinion, grant access from DMZ to LAN is a security risk, is better if you develop/install a web application on the DMZ that interact with the LAN.
0
 

Accepted Solution

by:
steno1122 earned 0 total points
ID: 36814321
coworker fixed issue.  closing question
0
 

Author Closing Comment

by:steno1122
ID: 36908397
Coworker fixed issue.  Closing question
0
 

Expert Comment

by:ciscosupp
ID: 39803757
what was the issue i got same problem
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question