Solved

Domain Trust via NAT

Posted on 2012-04-11
2
576 Views
Last Modified: 2012-04-16
Dear Expert,

I need some advice pertaining on the windows 2008 AD - external domain-trust via NAT, DNS forwarding has been setup successfully from both sites, but can't seem to get the authentication working.

I have 2 site connect via point-to-point VPN:

Site A - AD Server IP 10.150.0.1
Domain: domain-A.internal

Site B - AD Server 10.10.0.1   (Original IP subnet)
Site B - AD Server 10.190.1.1 (NAT IP Subnet back to Site A)
Domain: domain-B.internal

P/S: The NAT only applied on Site B.

Test result:
AD Server (Site A)  able to ping  NAT AD Server (Site B)
AD Server (Site B)  able to ping  AD Server (Site A)

AD server (Site B)  able to ping  domain-A.internal
AD server (Site A)  can't ping   domain-B.internal  (somehow it's pinging actual IP 10.10.0.1 instead of NAT IP 10.190.1.1)
0
Comment
Question by:peacefullee
2 Comments
 
LVL 3

Accepted Solution

by:
unsatiated earned 500 total points
ID: 37833573
Your DNS entries and NAT are not mixing well.  Because you are NAT'ing the box to the 10.190.1.1 IP address, that IP does not exist in any DNS record in your DNS zone, therefore, domain-b.internal will always resolove to 10.10.0.1 instead of the NAT address you are looking for which is 10.190.1.1.  Why are you NAT'ing that AD subnet to that anyway?  Is this a constraint due to that subnet being alreayd in use on the A side?

You can ADD DNS entries for all those NATd IP addresses into DNS to remedy, but I suggest looking at why you are even NATing those addresses.
0
 

Author Closing Comment

by:peacefullee
ID: 37853931
Thanks for advice, managed to get NATed exemption on AD.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now