Joining Two subnets of NT & 2000 1

[nimesh007]

Thanx for help in advance.
I have to join two subnets. One running NT domain and compters and another running 2000.
I installed two NIC cards on one Win 2000 server and one network card is connected to network running 2000(lets name it A) and another running NT (lets name it B).
TCP/IP configuration set are as follows
for NIC card connected to A confi is
IP: 192.168.1.57
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
for NIC card connected to B confi is
IP: 192.168.32.10
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.32.1
Since the main purpose was to create two way trust between two domains to share each other's resources, I installed domain controller on win 2000 server and this newly created pdc is replication pdc of network A.So now there are two pdcs on Network A(running win 2000) and either of available server does authentication.
Second step I took was creating trust with NT domain controller in network B. First added NT domain under win2k "Domain that trust this domain". Second added winwk under NT "Trusting Domain". Third on win2k pdc under "Domain Trusted by this domain" added NT domain. Fourth on NT 4.0 pdc tried to add win2k domain as trusted domain. But here the problem started. NT domain says it cant find win2k domain. Though its pinging IP 192.168.32.10 it cant find domain.
Next step I took was adding lmhost.
On win2k I added lmhost as follows.
192.168.32.2 COMPUTERNAME #PRE #DOMOMAIN
192.168.32.2 DOMAIN "DOMAIN \0X1C #PRE
On NT I added lmhost as follows.
192.168.32.10 COMPUTERNAME #PRE #DOMOMAIN
192.168.32.10 DOMAIN "DOMAIN \0x1C #PRE
Than also it doesnt work. I tried thru cmd line nbstat -R but it says unrecognized command.
Than I tried to ping IP 192.168.1.57(win2k iP) from NT pdc it didnt work.
Than I tried to verify trust from win2k pdc and for that under "domain that trust this domain" I clicked verify on got following error.
"Secure query channel (SC) for win2k to domain NT failed with error: There are currently no logon servers available to service the logon request."
Can I enable routing and remote access to join two LAN. (Well I tried that but that didnt work to- may be something worng I have done)
Can any one help me to find whats wrong?

 

[ShackDaddy]

A few things.

1) I thought you had an NT4 PDC on network B and W2K DC's on network A. Your lmhosts files make it seem like all the domain controllers for both domains are on network B.

2) Your lmhosts entries don't look right. You didn't create the 'domain' record properly. The spacing and quotes have to be exact. If I were you, and knew what I know, I would install WINS on one of your NT servers and point all the servers at it. That will take care of all your name resolution issues and you won't need to worry about lmhosts.

3) The command is 'nbtstat -R' not 'nbstat -R'.

4) Ping is not a good test of the connectivity that you need to set up trusts involving NT systems. It would be better to try 'net view \\servername' to test the name resolution.

ShackDaddy

 

[nimesh007]

Hi ShackDaddy
win2k is on Network A and NT is on network B.
lmhost on both computer are pointing to each others name(here for giving example I wrote DOMAIN).
Spacing is exactly as described on microsoft site, since here if I post same white spaces gets eliminated thats why you dont see correct spacing.
Let me write lmhost record again. Can you let me know whats wrong in that (except 16 char spacing)?
On win2k I added lmhost as follows.
192.168.32.2 BIG #PRE #DOM:MRBIG
192.168.32.2 "MRBIG \ 0X1C" #PRE
On NT I added lmhost as follows.
192.168.32.10 RSGATEWAY #PRE #DOM:RSVPNT
192.168.32.10 "RSVPNT\ 0x1C" #PRE
nbstat was spelling mistake in my posing. I am typing
nbstat -R but it doesnt work.
network A (replica domain that is RSGATEWAY) can ping by IP & by name of Network B domain computer and also can net view. But original domain controller which is in the LAN of network A at IP 192.168.1.3 can't ping or net view domain of network B.
Network B (NT) domain cant ping or see domain of network A at all.
How to install WINS, can you share more light on that please.
Thanks for your efforts(ignore spelling mistakes)

 

[ShackDaddy]

You are pointing your W2K lmhosts file to an address in its local network. You need to point it to the address of the NT server in the 192.168.1.0 network. This is critical.

NBTSTAT -R. If this is what you typed, please at least spell it right when you tell us about it.

What's the routing table on the original domain controller look like?

Install WINS on an NT server by going to the Network Control Panel -> Services -> Add -> WINS. Then configure your other clients to point at that server's IP address in the WINS configuration field of each client.

 

[nimesh007]

Thanks ShackDaddy for all your help.

I changed lmhost on NT to following, but wont let me find win2k domain.
192.168.1.57 RSGATEWAY #PRE #DOM:RSVPNT
192.168.1.57 "RSVPNT\ 0x1C" #PRE

The routing table on original domain controller(RSVPSERVER-RSVPNT) looks as follows. Due to space constraint display may get little messy here.
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 1
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 1
224.0.0.0 224.0.0.0 192.168.1.3 192.168.1.3 1
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1

And Routing table on replica domain controller (RSGATEWAY-RSVPNT)looks like this
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.57 1
0.0.0.0 0.0.0.0 192.168.32.1 192.168.32.10 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.57 192.168.1.57 1
192.168.1.57 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.57 192.168.1.57 1
192.168.32.0 255.255.255.0 192.168.32.10 192.168.32.10 1
192.168.32.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.32.255 255.255.255.255 192.168.32.10 192.168.32.10 1
224.0.0.0 224.0.0.0 192.168.1.57 192.168.1.57 1
224.0.0.0 224.0.0.0 192.168.32.10 192.168.32.10 1
255.255.255.255 255.255.255.255 192.168.32.10 192.168.32.10 1
Default Gateway: 192.168.32.1

Your help is apreciated

 

[ShackDaddy]

Before I mess with your routing table, let me address another potentially major issue. What do you mean when you refer to a 'replica'? Did you make a disk image of one PDC and then duplicate it, and change the domain name?

 

[nimesh007]

No I installed domain controller itself.
This is how I joined
Primary domain controller already working has a name RSVPNT(computer name RSSERVER).
Than installed another domain controller which works as back up domain controller of RSVPNT (computer name RSGATEWAY).
But is it needed or if RRAS is set, it will work?
Thanks for your help

 

[ShackDaddy]

The RRAS system won't care whether it's also wearing the DC hat as well. Have you set up a WINS server yet? That would take care of any shortcomings that the lmhosts files may have.

Your routing tables look good to me. Can hosts in network A and B ping each other by IP address? Don't 'ping rsvpserver,' instead, 'ping 192.168.1.3'. If that doesn't work, your problem isn't name resolution at all, but pure routing, and we'll look at that again. If it DOES work, then you have a name resolution issue. Again, I suggest that if you are functioning on a mixed network with 2000 and NT and some 9x or NTWks clients, you should install a WINS server somewhere and point all your clients at it.

 

[nimesh007]

Computers in subnet A - 192.168.1.0 cant ping any computer in subnet B 192.168.32.0 vis-a-vis.
Can I install Wins at win2k end?
Do I have to install Wins at both end (push-pull partner) or at one place is okay?
Thanks

 

[ShackDaddy]

No, only set up one WINS server. It doesn't matter which domain you put it in or which system you install it on, as long as it's not on your RSGATEWAY server.

But you can't make WINS work till you sort out what seems to be a routing issue. Are you sure that you have 'IP Forwarding" enabled on your gateway server? Is the gateway running W2K with RRAS, or is it an NT machine? In any case, it looks like that system, even though it's routing table is correct, isn't routing packets from one interface to the other. Check your RRAS/routing settings again. I don't use W2k for routing, so I don't have a first-hand reference to help you.

 

[nimesh007]

RRAS is installed on win2k. IP forwarding is enabled too.
I installed WINS and than could atleast find IP when ping by name of machine on other network but request times out.
Thanks for your help shackdaddy.
I am trying to find possible problems and will post if some solution is arrived at. If you have any suggestion let me know.
P.S. I can ping all computers in subnet A(win2k) & subnet B (NT) from RSGATEWAY. But request times out if try to ping from any other computer in subnet A to Subnet B & vis-a-vis.

 

[ShackDaddy]

Your symptoms mean that packets just aren't routing across the RSGATEWAY system. What subnet mask are you using on all your systems? A wrong mask could fit the bill here. I think it should be 255.255.224.0. DUH! When I went back and read your first post, the problem was staring me in the face! Your mask is telling your systems that you have one big subnet! If you use the subnet mask I listed above (on all your hosts), in conjunction with that WINS server you just set up, you will have no problems.

Phew!

 

[ShackDaddy]

Nevermind. You have a mask that works. If your mask had been 255.255.0.0 the change would have been justified, but you are fine as-is.

 

[Pyrexia]

simple, but are all your computers pointing to your win2k rras box as their gateway?

 

[nimesh007]

Yes they are. But there are two gateways set.
One is for going on internet by default 192.168.1.1
& other is rras box 192.168.1.57

 

[ShackDaddy]

Two gateways set where? On the clients or on the gateway? I know there are two on the gateway.

Ok, I have another idea what the problem might be.

When you sit at a client in the network between your DSL router and your RSGATEWAY system and do a traceroute to a system on the other side of RSGATEWAY, does your trace ever hit RSGATEWAY and fail, or does it go straight to the DSL router, which doesn't know what to do with it?

All the clients in the network between the DSL and the W2K router need to use the W2K router as their gateway, not the DSL router. The W2K gateway will route stuff that comes to it appropriately: either across its interface to the .32 network or back to the DSL router as needed. The only exception would be if you are able to add another route to the DSL router, telling it how to get to the .32 network. You will probably need to do that anyway, if that's where you are doing NAT, so that clients in the .32 network will be able to use the internet.

 

[nimesh007]

It worked guys.
Hurraaaaah!
This was the bottle neck.
Though WINS was serving IP of client machines in subnet B(NT network) clients in subnet A could not ping IP. Even when I added gateway through properties window of tcp/ip it didnt work.
Than I added alternate static rout in DHCP server and it worked like magic for all clients who obtains IP from DHCP.
On server machines who have static IPs, I added alternate gateway through command prompt.
Thanks for your help ShackDaddy