Mark Warren

Why would two trusted Active Directory Domains not allow access to AD accounts even though Smoothwall IPSec tunnels are open through all ports and the trust reports functioning?

In an environment in which two Smoothwalls are deployed, they are connected through an IPSec tunnel and all ports are open. One separate Windows domain is deployed behind each Smoothwall for a total of 2 Domains. A Domain trust has been established between the two domains and they say they are functioning fine, but users can't log into their AD accounts if they are behind the Smoothwall of the second Domain. Functioning level is Windows Server 2003 it says and these are Windows Server 2008 R2 Domain controllers. Does this trust need to be reestablished and functioning level raised?
Jane Updegraff

I would try re-establishing the trust. If you can do it in a maintenance window where you won't be interfering with the users, just delete the trust and re-create it, and make sure that it's bi-directional (two-way) under the "direction of trust" section and non-transitive for safety ... then validate the trust from both sides (meaning actually remote into a machine in each domain and run ADDT and actually validate it on each domain). If it validates on both sides properly then you can be pretty confident that the IPSec tunnel (or some other firewall component either on your hardware firewalls or Windows firewall) is probably the problem. As for your firewalls, someone else will have to answer as I have no experience with that brand.
noci

There are some parts during initial connection based on Multicast / Broadcast. Those packets don't travel past routers, so any expected answers will not be coming either. You will need a "local presence" somehow.
Did you perhaps create it as a selective trust?
ASKER CERTIFIED SOLUTION
Mark Warren