RE: Permissions
From: Ilene (ilene521_at_bellsouth.net)
Date: 08/20/03
- Next message: Feroz Sultan: "Recent Virus Scare"
- Previous message: Karl Levinson [x y] mvp: "Re: Setting up virus honeypot"
- In reply to: Cherry Qian: "RE: Permissions"
- Next in thread: Cherry Qian: "RE: Permissions"
- Reply: Cherry Qian: "RE: Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Aug 2003 04:34:56 -0700
thanks again for your help. I was able to solve the
problem. I am not using Wins only DNS but I realized 2
things. a)I was trying to get to a server that didn't
have a partition so I believe that was part of the problem
and b)You are correct about the domains, I had to rebuild
this domain several times and I also believe that was part
of this problem to. When I reversed this sitution from
domain B to Domain C I was successful. I believe when I
implement this situation after I'm finished with the
migration I will not have the problem.
Thanks again for your help.
>-----Original Message-----
>Hi Ilene,
>
>Thank you for the posting again. As you described, it can
access any and
>all files from the DC from domainb. It's when you try to
connect to the DC
>in DomainC that exhibit the problem. You received a
message that no logon
>servers are available to service the logon request.
>
>Based on your description and our further research, it
apears the WINS
>database does not have the proper domain registrations
for pass-through
>authentication. This problem occurs most often in
environments where the
>administrator has created a two-way trust between two
previously
>independent domains. Most often, there are WINS servers
in each domain and
>the WINS servers do not replicate their databases to each
other.
>
>To resolve this problem:
>
>- Allow WINS dynamic registration. This ensures that
Domain Controllers
>register their DOMAIN<1C> NetBIOS names with the WINS
Server.
>
>- Make certain that WINS database replication is
successful between WINS
>Servers. Missing database entries for domain names may
indicate Problems
>with the WINS Servers and replication.
>
>To work around this problem:
>
>NOTE: Microsoft does not recommend using static mappings
in the WINS
>database for WINS enabled computers.
>
>1. Run the WINS Administration Utility to add static
mappings for the
>Domain<1C> registrations (of the trusted domain) that are
not listed in the
>WINS database:
>
> Name: Master DOMAIN Name
> IP Address: Address of the Primary
Domain Controller (PDC) of the
>domain
> Type: Domain Name
>
>If you are logged on as an administrator at a Domain
Controller, remote
>administration works now successfully. If you are
attempting to remotely
>administer the domain while logged on to a Server (not a
domain controller)
>or Windows NT Workstation, you must add DOMAIN<1C>
entries for both the
>trusted and trusting domains.
>
>To remotely administer a trusted domain, several pass-
through
>authentication steps must take place. If the WINS
database does not have
>the proper domain registrations, the pass-through
authentication fails.
>
>For example, a trust is established between DOMAIN_A and
DOMAIN_B. Server
>PDC_A is in DOMAIN_A and PDC_B is in DOMAIN_B. DOMAIN_A
is the trusted
>(master) domain, and DOMAIN_B is the resource (trusting)
domain. To
>establish this trust relationship, the following NetBIOS
names must be
>resolved to IP addresses, either through WINS or
broadcast:
>
> NetBIOS Name Description of Use of Name
> ------------------------------------------------
---------------------
> DOMAIN_A<1B> PDC_B uses this to query the
PDC of DOMAIN_A
> PDC_A<00> PDC_B uses this to set up a
session with the PDC of
>DOMAIN_A
> DOMAIN_A<1C> PDC_B uses this to get DC
list of DOMAIN_A
>
>With these three names being registered, and if your
account has
>administrator priviledges, the trust can be established
and the message
>"The trust relationship was established successfully"
appears. When you
>reboot the computer, or the first time you attempt remote
administration,
>another NetBIOS name is needed:
>
> NetBIOS Name Description of Use of Name
> ------------------------------------------------
---------------------
> DOMAIN_A<1C> Each Domain Controller in
DOMAIN_B uses this name to
>establish a secure channel with a Domain Controller in
the trusted domain.
>
>The Domain Controller (DC) in the trusting domain
attempts to create a
>secure channel with any DC in the trusted domain by
making a multicast
>logon request to the NetBIOS name DOMAIN_A<1C>. This
logon request is part
>of a process that creates a Secure Channel between the
two DCs. The logon
>ID in this logon request is the inter-domain trust
account for the trusting
>domain, DOMAIN_B$. If there is no registration for
DOMAIN_A<1C> in the WINS
>database the error message STATUS_NO_LOGON_SERVERS is
returned to the call.
>The message "There are currently no logon servers
available" is then
>returned to the user.
>
>Hope the above information and suggestion helps and
answers your question.
>If anything is unclear, please let me know.
>
>Sincerely,
>
>Cherry Qian
>MCSE2000, MCSA2000, MCDBA2000
>Microsoft Partner Online Support
>
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please Reply to Group via your
newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided AS IS with no warranties, and
confers no rights.
>
>.
>
- Next message: Feroz Sultan: "Recent Virus Scare"
- Previous message: Karl Levinson [x y] mvp: "Re: Setting up virus honeypot"
- In reply to: Cherry Qian: "RE: Permissions"
- Next in thread: Cherry Qian: "RE: Permissions"
- Reply: Cherry Qian: "RE: Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
