Re: Access Denied with an external Trust

• Previous message: Scott: "Re: Admin can't install"
• In reply to: Dan: "Re: Access Denied with an external Trust"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 20 Apr 2004 16:20:54 GMT

Apparently you do not have any ipsec policy assigned then. Did trying to access the
share via IP address such as \\\xxx.xxx.xxx.xxx\sharename work?? If not have you
changed any of the security options on the two domains from default? It may also help
to enable auditing of logon events on the server where you are trying to access the
share and then view the security log in Event Viewer for any failed logons to see if
an event is recorded when you attempt access. Often the failed events have helpful
information. --- Steve

"Dan" <dvalenti54@hotmail.com> wrote in message
news:eR7jhrsJEHA.1764@TK2MSFTNGP12.phx.gbl...
> I rant the IPsec test adn this is what i got on both servers.
> IP Security test . . . . . . . . . : Passed
> IPSec policy service is active, but no policy is assigned.
>
> Could it be cause there is an external trust?
>
> I can verify the trusts betwee the servers fine. Or maybe a dns issue that
> im overlooking.
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:Fn1hc.2364$GR.326371@attbi_s01...
> > You will have to "unassign" the policy you assigned in the appropriate
> security
> > policy either domain/local/OU/domain controller, etc. You can run netdiag
> on a
> > computer as in "netdiag /test:ipsec " and it may help showing what policy
> is applied.
> > Gpresult also tells where you are receiving ipsec policy from I believe.
> Both those
> > tools are on the install cdrom in the tools/support folder where you will
> have to run
> > the setup program. --- Steve
> >
> >
> > "Dan" <dvalenti54@hotmail.com> wrote in message
> > news:eClP6knJEHA.3688@TK2MSFTNGP10.phx.gbl...
> > > I remember messing with IPsec is there a way to turn it off, I set the
> > > option Do not use IPSEC under the TCP/ip Properties but still the same.
> > > "Dan" <dvalenti54@hotmail.com> wrote in message
> > > news:e1tQJcnJEHA.1392@TK2MSFTNGP09.phx.gbl...
> > > > i did setup IPSEC i wonder if that is the issue.
> > > > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > > > news:8S_gc.29757$ru4.30191@attbi_s52...
> > > > > Assuming you have your dns set up correctly [and maybe wins if it is
> not
> > > a
> > > > small
> > > > > network], try adding that account to the domain users group in the
> other
> > > > domain. Also
> > > > > try accessing the share via IP address as in
> \\xxx.xxx.xxx.xxx\sharename
> > > > in case of a
> > > > > name resolution problem. Other things that can be causing lack of
> access
> > > > would be
> > > > > incompatible security options such as ipsec negotiation policies,
> lan
> > > > manager
> > > > > authentication level, smb signing [have client/server digitally sign
> > > > communications
> > > > > set to always when the other computer can not comply], and the
> option
> > > for
> > > > > "additional restrictions for anonymous access" being set to no
> access
> > > > without
> > > > > explicit anonymous permissions in certain situations. --- Steve
> > > > >
> > > > >
> > > > > "Dan" <dvalenti54@hotmail.com> wrote in message
> > > > > news:O0lNhumJEHA.1000@TK2MSFTNGP11.phx.gbl...
> > > > > > I have two windows 2000 DC. one called domain1.local and the other
> > > > called
> > > > > > domain2.com. I setup an external trust between the two domains. I
> > > > > > Authenticate to domain2.com and i created a share on domain1.local
> and
> > > > gave
> > > > > > my account admin@domain2.com full access to this share but when i
> try
> > > to
> > > > > > access it from a mapped drive it says access denied. Dont know
> what im
> > > > doing
> > > > > > wrong.
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

• Previous message: Scott: "Re: Admin can't install"
• In reply to: Dan: "Re: Access Denied with an external Trust"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Preventing users from c onnecting to shares NOT on the domain.. ... Since IPsec policy is a computer policy I do not believe ... the current login is a member of this "Restricted" group of ... > The servers might be located on the same subnet of some of the clients. ... If you require this computers to communicate with other ... (microsoft.public.win2000.networking) Re: Preventing users from c onnecting to shares NOT on the domain.. ... Since IPsec policy is a computer policy I do not believe ... the current login is a member of this "Restricted" group of ... > The servers might be located on the same subnet of some of the clients. ... If you require this computers to communicate with other ... (microsoft.public.win2000.security) Re: Big Windows Security Problem ... a security problem, unless you have certain security requirements that this ... You could also create an ipsec policy. ... > servers you could configure them to require ipsec security. ... >>>administrator, it allows them to access shares on our ... (microsoft.public.win2000.security) Re: Big Windows Security Problem ... workstations only. ... You could also create an ipsec policy. ... servers you could configure them to require ipsec security. ... >>administrator, it allows them to access shares on our ... (microsoft.public.win2000.security) Re: Access Denied with an external Trust ... I rant the IPsec test adn this is what i got on both servers. ... IPSec policy service is active, ... Could it be cause there is an external trust? ... (microsoft.public.win2000.security)