Re: One Way TRUST Through Firewall problem
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 11 Oct 2006 15:55:41 -0700
"Indigenous" <Indigenous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F66B46D5-5208-4DB0-9E5D-6D7FDBD049DD@xxxxxxxxxxxxxxxx
Roger, Thanks
I've allowed all ports on the firewall and added static routes to both
domain controllers (so that NATing is not a factor). It now looks like the
firewall may have been a red herring.
Any ideas?
You mean ideas other than establishing that it is or is not RPC?
I do not have the link to hand, but MS has published a KB that details
what one needs to allow on a firewall for DCs to be happy, and since
in your case it is a downlevel trust, things should be easier than outlined
in the KB that I am thinking of.
Basically, you need to allow the NetBIOS-based ports and RPC at a
minimum.
"Roger Abell [MVP]" wrote:
It sounds as though you may have an issue with the ephemeral
ports used by RPC being blocked by the firewall. It is possible
to constrain RPC to using only a known range of ports, but before
you go down that road you ought to verify whether this is the problem
(such as by packet examination in a capture).
http://support.microsoft.com/kb/154596/en-us
http://support.microsoft.com/kb/908472/en-us
"Indigenous" <Indigenous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:49491B04-84BE-4EB3-A559-81AA1F2AC8C3@xxxxxxxxxxxxxxxx
Hi
If there is a better group for this then let me know.
I have a one way trust domain setup between two Windows 2003 forests with a
firewall between the DCs. The trust works ok and validates from both ends.
When I come to add a user from the trusted domain to a group in the trusting
domain (or assign file permissions to a user in the trusted domain), I can't
browse the foreign domain's OU structure and can't find any users in the
domain. The domain is shown in the locations dialog but when you click on
it, there's a long delay then it just doesn't expand to anything.
I have opened LDAP (389) and all the suggested trust ports. Nothing
suspicious appears to be being blocked on the firewall other than a few
ports in the 18XX TCP range.
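
The capture check suggested in the thread, as an added example that is not part of the original posts: it reports SYNs to RPC dynamic ports that never get a SYN-ACK after the same client has reached the endpoint mapper on TCP 135. The `Pkt` record layout, the addresses and port 1838 are constructed for illustration; the 1025-5000 range is the Windows Server 2003 default and must be adjusted if RPC has been restricted to another range.

```python
from collections import Counter, namedtuple

# One record per TCP packet taken from a capture; flags: "S" = SYN, "SA" = SYN-ACK.
Pkt = namedtuple("Pkt", "t src dst sport dport flags")

EPMAP = 135                   # RPC endpoint mapper
DYNAMIC = range(1025, 5001)   # default RPC dynamic range on Windows Server 2003

def blocked_rpc_ports(packets):
    """Count unanswered SYNs per (client, server, port) in the dynamic range,
    only for pairs where the client already completed a handshake with server:135."""
    # A SYN-ACK answers the SYN that carries the mirrored 4-tuple.
    answered = {(p.dst, p.src, p.dport, p.sport) for p in packets if p.flags == "SA"}
    syns = sorted((p for p in packets if p.flags == "S"), key=lambda p: p.t)

    # Earliest time each client got through to the endpoint mapper.
    epmap_ok = {}
    for p in syns:
        if p.dport == EPMAP and (p.src, p.dst, p.sport, p.dport) in answered:
            epmap_ok.setdefault((p.src, p.dst), p.t)

    blocked = Counter()
    for p in syns:
        mapped_at = epmap_ok.get((p.src, p.dst))
        if (p.dport in DYNAMIC
                and (p.src, p.dst, p.sport, p.dport) not in answered
                and mapped_at is not None and p.t >= mapped_at):
            blocked[(p.src, p.dst, p.dport)] += 1   # retransmissions add up
    return dict(blocked)

# Constructed sample: A = DC in the trusting domain, B = DC in the trusted domain.
A, B = "10.0.1.10", "10.0.2.10"
CAPTURE = [
    Pkt(0.00, A, B, 3001, 389, "S"), Pkt(0.01, B, A, 389, 3001, "SA"),   # LDAP passes
    Pkt(0.10, A, B, 3002, 135, "S"), Pkt(0.11, B, A, 135, 3002, "SA"),   # endpoint mapper passes
    Pkt(0.20, A, B, 3003, 1838, "S"),                                    # dynamic port, no reply
    Pkt(3.20, A, B, 3003, 1838, "S"),                                    # retransmission
    Pkt(9.20, A, B, 3003, 1838, "S"),                                    # retransmission
    Pkt(9.50, A, B, 3004, 445, "S"), Pkt(9.51, B, A, 445, 3004, "SA"),   # SMB passes
]

if __name__ == "__main__":
    for (src, dst, port), n in blocked_rpc_ports(CAPTURE).items():
        print(f"{src} -> {dst}:{port} unanswered SYNs: {n}")
```

An empty result on a capture taken while reproducing the long delay points away from blocked RPC ports.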