
TWO PDCS ADD TRUSTED DOMAINS THRU VPN !


MCD

Apr 24, 2000, 3:00:00 AM
What am I supposed to do to connect two primary domain controllers thru
VPN???

I know this:
Create the router-to-router VPN
1. Create the interface, set the protocols at both ends
2. Create the static route at both ends
I get them to connect and see each other thru TCP/IP.
Why can't I add them to TRUSTED DOMAINs list? I get RPC SERVER
UNAVAILABLE?
I can't see the other PDC in some other station/user in the other LAN.
What else do I have to set up? DNS? WINS? LMHOST file? Someone please!

John R Buchan

Apr 25, 2000, 3:00:00 AM
******************************
<Note. The following is related to pre-Win2k domains. A Win2K only
environment doesn't require NetBIOS and uses different IP ports.>

To establish and maintain a trust, the PDC of the trusting domain must be
able to locate and establish NetBIOS sessions with the PDC of the trusted
domain. To handle pass through validation, all DCs of the trusting domain
must be able to locate and establish NetBIOS sessions with at least one DC
from the trusted domain. For this, you will need IP connectivity, NetBIOS
connectivity, and NetBIOS name resolution.

NetBIOS name resolution: To locate domain controllers, 2 names are used:

1) "domainname 1C" is a group name. All domain controllers register
their IP under this name for their domain. This name is queried to
obtain a list of domain controllers for a particular domain.

2) "domainname 1B" is a unique name. Only the PDC registers this
name for a given domain. The name can be queried to specifically
locate the PDC of a particular domain.

You must provide a means for the domain controllers of the trusting domain
to resolve these names. You can do this through either lmhosts or WINS. If
you use lmhosts, the entries might look something like:

DomA_PDC's lmhosts:

192.168.2.1 DomB_PDC #PRE #DOM:DomB
192.168.2.1 "DomB           \0x1b" #PRE


DomB_PDC's lmhosts:

192.168.1.1 DomA_PDC #PRE #DOM:DomA
192.168.1.1 "DomA           \0x1b" #PRE


IP connectivity: The PDCs must be able to route packets to one another. If
you are using some form of IP translation between them, the device
providing this will need to be able to redirect the appropriate packets to
the PDC.

NetBIOS connectivity: With the exception of a Win2k only network, MS
networking functions rely on NetBIOS connections. In a TCP/IP environment,
NBT (NetBIOS over TCP/IP) is used to provide this connectivity. Trusts
require the use of unicast on all 3 NBT ports (UDP 137, 138, & TCP 139).
You will need to ensure that the DCs can connect to each other on these
ports.
******************************

--
Note, I seldom respond to email questions. Please keep discussions in
the news group, so everyone can benefit from them (including me <g>).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For direct access to all MS newsgroups: news://msnews.microsoft.com/

John R Buchan Independent Consultant Orlando, Florida USA
MCSE -++- MVP ...................... j.buchan(at)att(dot)net
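
Added example, not part of the posts above: a Python helper that builds the two LMHOSTS lines the answer lists for the other domain's PDC and flags a quoted name whose text before the \0xNN suffix is not exactly 15 characters (a NetBIOS name is 16 bytes, the last one being the type). The function names and the sample lines are constructed for illustration.

```python
import re

NAME_CHARS = 15  # a NetBIOS name is 16 bytes: 15 name characters + 1 type byte

def special_name(domain, suffix):
    """Quoted LMHOSTS form: domain padded to 15 characters, then \\0xNN."""
    if not 0 < len(domain) <= NAME_CHARS:
        raise ValueError("domain must be 1 to 15 characters")
    return '"%s\\0x%02x"' % (domain.ljust(NAME_CHARS), suffix)

def trust_entries(pdc_ip, pdc_name, domain):
    """The two lines from the post for the other domain's PDC."""
    return [
        "%s %s #PRE #DOM:%s" % (pdc_ip, pdc_name, domain),
        "%s %s #PRE" % (pdc_ip, special_name(domain, 0x1B)),
    ]

QUOTED = re.compile(r'"([^"]*)\\0x([0-9A-Fa-f]{2})"')

def check_line(line):
    """Return a problem string for a badly padded quoted name, else None."""
    m = QUOTED.search(line)
    if m is None:
        return None  # no quoted special-character name on this line
    got = len(m.group(1))
    if got != NAME_CHARS:
        return "%d characters before \\0x%s, expected %d" % (
            got, m.group(2), NAME_CHARS)
    return None

# Constructed sample: the second line has its padding collapsed to one space.
SAMPLE = [
    '192.168.2.1 DomB_PDC #PRE #DOM:DomB',
    '192.168.2.1 "DomB \\0x1b" #PRE',
]

if __name__ == "__main__":
    for entry in trust_entries("192.168.2.1", "DomB_PDC", "DomB"):
        print(entry)
    for n, line in enumerate(SAMPLE, 1):
        problem = check_line(line)
        if problem:
            print("line %d: %s" % (n, problem))
```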
