Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Problem accessing / mapping of shares in a different domain.

Posted on 2014-01-24
Medium Priority
Last Modified: 2014-05-26
I have a single forest with multiple domains.

nnt.com (root domain)
uk.nnt.com (child domain)
usa.nnt.com (child domain)

I have a third party DNS server where all my clients point to.
The third party DNS server is synchronized with my child domains.
My client pc’s are joint to uk.nnt.com domain and can access/map any shares via name to a file server in the uk.nnt.com domain with no problems.

My problem is when users want to access/map shares to a file server in the usa.nnt.com domain they get error.
Logon unsuccessful:
The user name you typed is the same as the user name you logged in with.
That user name has already been tried. A domain controller cannot be found to very that user name.

When I use ip address of file server it works and when I try to access/map shares in usa.nnt.com domain from a pc which is not joint to domain it will ask for password and when I type in it works.

Please advice/help why can’t my pc’s joint to uk.nnt.com domain access/map shares to the file server in usa.nnt.com domain.

I can ping successfully the FQDN of file server and it can resolve ip address to name.
I also can resolve the DC.
My trust between domains is also working as I can use username and password of user in uk.nnt.com domain to access files in usa.nnt.com domain when pc is not joining to any domain.
Question by:ciscosupp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
LVL 38

Expert Comment

ID: 39807547
To do what you are trying to do, just make dns host (A) record for file servers in us domain to dns servers (under uk.nnt.com zone) in uk domain and vice versa.

This will allow you to access file servers across domains by name such as \\server1

Single lable name will work within same domain or within workgroup environment fine in normal case but it will not work as expected between cross domains residing in different subnets


Author Comment

ID: 39808263
I tried no luck same problem.
I try mapping/accessing shared in other domain with FQDM and I can only use name as my dns suffix is added for the other domain.
I also can resolve ip to name and name to ip successfully of the fileserver
LVL 38

Expert Comment

ID: 39808516
That is true, if you add host (A) record for other domain file server in your dns zone, its FQDN will obviously be created as host.yourdomain.com
But this is only available one of the best method.
once you created host (A) records, what important is it should be able to resolve to IP address of file server in another domain.

Can you please check on client computers and domain controllers advanced TCP/IP properties \ DNS tab for below.
ensure that "Append Primary and connection specific dns suffixes" radio button is selected
Ensure that "Append parent suffixes of primary dns suffix" checkbox is selected
Ensure that "register this connection addresses in Dns" checkbox is selected
If there is any deviation in the above settings, its probably you will face name resolution and connectivity issues

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Author Comment

ID: 39814799

In uk domain I have a file server called fileuk and in usa domain I have a file server called fileusa

So basically I have to create one A record in both dns zones uk.nnt.com and usa.nnt.com

Uk.nnt.com zone
Fileusa (FQDN fileusa.uk.nnt.com)

Usa.nnt.com zone
Fileuk (FQDN fileuk.usa.nnt.com)

Please advice if this is what you mean.
LVL 38

Expert Comment

ID: 39827553
yes, you are right


Author Comment

ID: 39863943
Ok tried it no luck.
It’s not a DNS problem as it can resolve name to it and ip to name with no problem of file server.

What else can be the problem any advice
LVL 38

Expert Comment

ID: 39864121
If you access shares via \\server.domain.com\share is it accessible ?
Do you have any firewall enabled between two domains or windows firewall on file servers that is blocking NetBIOS name resolution ?

If you ping hostname of us domain file server from uk domain, is it pings ?
If you ping FQDN of us domain file server from uk domain, is it pings ?


Author Comment

ID: 39906122
yes I can ping both servers from both different domains.
Records for both fileserver can also resolve from ip to name and name to ip.
LVL 38

Accepted Solution

Mahesh earned 2000 total points
ID: 39907408
Download Portqueryui tool and check if required ports are opened from both domain controllers vice versa ?

If you get error here, you need to clear that 1st

Also verify DNS name resolution vice versa with both domain controllers
1.On your DNS, click Start, and then click Run.
2.In the Open box, type cmd.
3.Type nslookup, and then press ENTER.
4.Type set type=all, and then press ENTER.
5.Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain and then press ENTER...if this resolves
5.Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of opposite domain and then press ENTER



Author Comment

ID: 39949965
will try it

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question