Re: Child/Parent Domain sanity Check
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/29/05
- Next message: Steven L Umbach: "Re: CD Burner Rights"
- Previous message: Alex Decarli: "Windows Antispyware for corporate users"
- In reply to: James Fabulous: "Child/Parent Domain sanity Check"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Sep 2005 17:25:36 -0500
This often indicates a DNS problem or some sort of network connectivity
problem. What I would do is to run netdiag on both the client computer and
the server the user wants to remote into, and run dcdiag /a and netdiag on
the PDC FSMO domain controller in each domain to see if any related problems
are found.

You should also be able to use nslookup to resolve the fully
qualified domain name of any domain computer in the forest from any domain
computer in the forest, and I would start with the domain computer trying to
access the server in the other domain. Also make sure that there are NO ISP
DNS servers listed as a preferred DNS server for any domain computer in the
domain.

If you have delegated the child DNS zone to the DNS servers in the
child domain [probably domain controllers] you will need to create a
secondary DNS zone for the parent domain on DNS servers in the child domain,
or if using Windows 2003 domain controllers you could use conditional
forwarding, stub zones, or configure DNS to replicate to all DNS
servers/domain controllers in the forest. The link below explains how to
configure DNS for Active Directory. IPsec policies can also cause problems
if not configured correctly.

--- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
"James Fabulous" <James.Fabulous@hotmail.com> wrote in message
news:OyFzncGxFHA.2232@TK2MSFTNGP11.phx.gbl...
> Having some issues that I'm trying to work through:
> A user from parent domain A wants to RDP to server in Child domain B
> The user from A doesn't have a user account in B - but his account is a
> member of a universal group in A which is a member of a universal group by
> the same name in B that is a member of the administrators group of the
> target machine.
>
> Error is: "the specified domain does not exist or could not be contacted"
> or
> "The system cannot log you on because the domain is not available"
> tried: user, password, A
> user@a.com, password
> A\user, password
> A.com\user, password
> all fail. Even when we test with a domain admin from A we get the same
> error.
>
> This has previously worked, and from what I can tell via NLtests netlogon
> is working properly and the domains are replicating normally. The DC for B
> can see the member group from A and enumerate its users on the members tab.
> Target machine is 2000 running terminal services in administration mode.
>
>
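
The DNS checks described in the reply above, as an added example that is not part of the original thread: it lists the DNS servers configured on the local machine, flags any that are not internal AD DNS servers, and confirms that the domain controller locator SRV record of each domain resolves. The domain names and server addresses are placeholders to replace with your own, and the cmdlets assume Windows 8 / Server 2012 or later (on older hosts such as the Windows 2000 target, use `ipconfig /all` and `nslookup` instead).

```powershell
# Added example. All names and addresses below are placeholders, not values from the thread.
$Domains     = @('parent.example', 'child.parent.example')  # parent and child AD DNS domain names
$InternalDns = @('10.0.0.10', '10.0.1.10')                  # DNS servers that host the AD zones

# 1. Every DNS server configured on this machine should be an internal AD DNS server.
#    An ISP or public resolver here cannot answer queries for the AD zones.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Server    = $ip
                Internal  = $InternalDns -contains $ip
            }
        }
    }
$configured | Format-Table -AutoSize

# 2. The DC locator SRV record of each domain must resolve from this machine.
#    Run this on the client, on the target server, and on a DC in each domain.
$srv = foreach ($d in $Domains) {
    $name = "_ldap._tcp.dc._msdcs.$d"
    try {
        $r = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction Stop |
             Where-Object { $_.NameTarget }          # keep SRV answers, drop additional A records
        [pscustomobject]@{
            Record   = $name
            Resolved = [bool]$r
            Targets  = ($r.NameTarget -join ', ')
        }
    } catch {
        # NXDOMAIN, timeout, or server failure: report the error text instead of targets
        [pscustomobject]@{ Record = $name; Resolved = $false; Targets = $_.Exception.Message }
    }
}
$srv | Format-Table -AutoSize -Wrap

# 3. Summarise anything that needs attention.
$external   = @($configured | Where-Object { -not $_.Internal })
$unresolved = @($srv | Where-Object { -not $_.Resolved })
if ($external.Count)   { Write-Warning "Non-internal DNS servers configured: $($external.Server -join ', ')" }
if ($unresolved.Count) { Write-Warning "SRV lookups failed for: $($unresolved.Record -join ', ')" }
```

A failed lookup for the other domain's record on only one side points at the missing secondary zone, stub zone, or conditional forwarder that the reply describes.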