Solved

Problems running a program that resides on a server from a workstation on another domain

Posted on 2011-09-11
14
572 Views
Last Modified: 2012-11-29
In our environment there are two different domains. The two domains trust one another. In domain A there is a remote desktop services server (setup as a member server) that has a database application that users in both domains access and run a program from. The users in domain B that are trying to run this program on the Remote Desktop Services server in domain A are having troubles.

When these users from domain B (XP clients) double click the icon on their desktop to run this program, sometimes it works and sometimes it doesn't. When the program doesn't open up for the user the error message is, "The item program.exe that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut? I have tried running this program using a UNC path to the executable that runs the program as well as mapping a drive.

When the process isn't working, if I right click on the icon, choose properties and then click Find target the target file is not found.  If i then click Start, Run and type in the UNC path to the share on the Remote Desktop Services server I get the following message, "\\server name\share name is not accessible. You might not have permission to use this network resource. There are currently no logon servers available to service the logon request."

I can always ping the IP address of this server.

If I look at the security on the folder that I am trying to access, domain users from domain A have modify rights to the folder that contains the program that they are trying to run. If I try to add the domain users group from domain B to have the same modify rights to this directory I receive the following message, "The Active Directory Domain Controllers required to find the selected objects in the following domains are not available: domain B. Ensure the Active Directory domain controllers are available and try to select the objects again.

To try and get around this problem with assigning the users in domain B to have permission on the directory that contains the program.exe that they need to run, I have created these same users in domain B with the identical username and passwords that they have in domain A.

How do I go about making this process work so that I don't continue to have these errors. I don't want to have to change domain B to be part of domain A as this would require  quite a big change in the network setup.

Thanks for any input you may have.
0
Comment
Question by:skenny10
  • 7
  • 7
14 Comments
 
LVL 13

Accepted Solution

by:
5g6tdcv4 earned 500 total points
ID: 36519648
Its usually dns config in these situations
on all of your DNS servers are they set to forward request to the other domain?
As a test (on dns servers/DC's )  manually change the primary dns to point to domain A and the secondary dns to point to domain B ( on the NIC)
make sure the client to test on has its dns pointed to server you edited, and check your application then
0
 

Author Comment

by:skenny10
ID: 36519870
I have changed the only DNS server in Domain B to have its DNS entry also point to the primary domain controller on Domain A. The forwarder on the DNS server in Domain B also points back to the primary server in Domain A.

When I try to run the program I get the same result.

I noticed that in domain B the clients are not registering their names and IP addressses into DNS on this domain controller even though the setting in TCP indicates that they should be.

0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36520153
Secondary DNS in B needs to point to  A
Secondary DNS in A needs to point to B

"DCDIAG /test:DNS > dns.txt" returns what? on both domains
0
 

Author Comment

by:skenny10
ID: 36526303
test-domain-A.txt test-domain-B.txt

Test from domain B was from a server 2008 r2 server. Test from Domain A was from a server 2003 server. Thus the different test reports.

I set the DNS settings on each server as indicated but still no luck.

When I go to each server and do a nslookup command to find the server from the other domain, the lookup fails.

Any other thoughts here?
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36526444
its DNS related for sure your AD
dcdiag /v /c /d /e /s:dcname > c:\diag.txt
run on every domain controller and also post ipconfig /all from every DC
0
 

Author Comment

by:skenny10
ID: 36532748
anne-diag.txt anne-ipconfig.txt francis-diag.txt francis-ipconfig.txt holycross-diag.txt holycross-ipconfig.txt john-diag.txt john-ipconfig.txt lucy-diag.txt lucy-ipconfig.txt michael-diag.txt michael-ipconfig.txt turgeon-diag.txt turgeon-ipconfig.txt District-ipconfig.txt mary1-diag.txt mary1-ipconfig.txt Primary-diag.txt Primary-ipconfig.txt

The Anne, Francis, Holy Cross, John, Lucy, Michael and Turgeon servers are all secondary domain controllers in domain A. The Primary server in this domain is the DNS server that these other servers point to. The District server is a member server in this domain A and it is on this server that the remote desktop application resides.

The Mary server is in Domain B and it is the users of this server that are having difficulty running the Remote Desktop Services Application that resides in Domain A on the District server.

Thanks for your continued assistance.
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36533441
I am looking through the logs now.
But there may be something very simple here, the following is from the mary1-ipconfig.txt
it is showing an apipa address, these can register in DNS, so when a client does a nslookup they are told the IP of the server is the apipa, and not the static. This could also explain the erratic behavior, of clients working/not working
try disabling the unused adapter

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : IBM USB Remote NDIS Network Device
   Physical Address. . . . . . . . . : 02-1A-64-B5-54-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.227.163(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:skenny10
ID: 36534211
I disabled this unused adapter but still no luck yet.
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36535388
you would also need to run ipconfig /flushdns and ipconfig /registerdns
0
 

Author Comment

by:skenny10
ID: 36538073
I have issued these commands as well but still hit and miss connecting.

Any other thoughts?
0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36538161
Edit the host file on a non working client
Add the record "serverip.        Servername"
Save and reboot and test
0
 

Author Comment

by:skenny10
ID: 36539915
I have tried this but unfortunately still same result.

0
 
LVL 13

Expert Comment

by:5g6tdcv4
ID: 36540029
you said you have been able to ping the ip address of the server. When you have a problem machine acting up can you ping the server by name?
as  a temporary test change the icon for the problem program to be \\ip of the server\share name
0
 

Author Comment

by:skenny10
ID: 36540846
Yes, when there is a problem machine I can still ping the server by name. When I tried to access the share via the \\ip address\share name I can't connect. The message "there are no currently no logon servers able to service the logon request" appears.

Upon further thinking I will reference the paragraph I wrote from above

"If I look at the security on the folder that I am trying to access, domain users from domain A have modify rights to the folder that contains the program that they are trying to run. If I try to add the domain users group from domain B to have the same modify rights to this directory I receive the following message, "The Active Directory Domain Controllers required to find the selected objects in the following domains are not available: domain B. Ensure the Active Directory domain controllers are available and try to select the objects again."

I am wondering if I changed this Remote Desktop Services server from just a member server to a domain controller that joins Domain A, then Active Directory will be installed on this server and I may have better luck assigning permissions on the network share. This might help me get past this problem.  

Any thoughts on this?

Thanks for sticking with me on this one!

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Roaming profile & Office 365 3 31
Setup DFS on One Server with Multiple Shares 7 18
Raid 6 or Raid 10? 19 54
GPO Delegation 4 11
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now