no logon server available, need help

[jtrober]

ok, let me first explain my problem. I work in the main office of a company, the domain being called DOMAIN1.local

In a remote location, i just replaced the DC, the domain is now called DOMAIN2.local

I set up a 2 way trust, and that worked fine. The problem is, there is a shared folder in DOMAIN1 that I need the users of DOMAIN2 to be able to access. This worked before the DC in the offsite location was upgraded from NT to 2003. The shared folder is also located on a server that is running Server NT. The share is located on server1, which i part of DOMAIN1

Now, from DOMAIN2, i can ping server1.DOMAIN1.local but i cant access the share. If i try to map it, it says that there are no logon servers available to service my request. I can get to a share that I create on the DC of DOMAIN1, but that is it, i cant get to any other servers. Although, i can ping them all, by IP, name, or the FQDN (server.domain.local)

But, if i am in DOMAIN1, i can get to any of the shares that exist on DOMAIN2, not problem at all.

ANy ideas what my problem couold be. It is an offsite location that needs the access, connected via VPN on a watchgaurd firebox.

My best guess at this point is it has something to do with DNS, but i cant seem to figure out what, as DNS isnt my specialty.

Any help will be greatly appriciated

 

[jtrober]

anyone have any help?

 

[Andreh]

It seems you need to create a domain trust where Domain1 trusts Domain2. It seems that Domain2 already trusts Domain1 thus allowing access. You would also need to create a global / universal group in Domain1 which contains a group from Domain2 containing the users you want to have access to the share.

Are they (the domains) members of the same forest or separate forests? What is the Domain Functional Level (DFL) of both domains and Forest Functional Level (FFL) of the or both Forests?

This is important to know as if they are in the same forest and they are Windows 2003 Server DFL then it is pretty simple. If they are separate Forests and 2000 Mixed / Native then there are different ways to solve this.

Good luck

"Assumption is the mother of all f#%kups!

 

[jtrober]

Domain1 is windows 2003 interim
Domain2 is windows 2000 mixed

They are seperate forests, connected by VPNs. There is a 2 way trust set up, and I can validate both the incoming and outgoing from both Domain Controllers.

Its just wierd, because it seems like half the servers in Domain1, i have access to from Domain2, but there are a few that I dont. The one I need access to is a windows NT server, and was previously a BDC, but was recently demoted when we migrated to 2003 in Domain1. The NT server in domain2 worked fine with the 2003 server in domian1, it wasnt till they were both on 2003 that i started having these issues.

 

[jtrober]

also, its definatly not a permissions thing. I created a new group, of type Security Group - Domain Local and added all the users from Domain2 to that group, gave it full permissions on the folder i want to share, and still get the same problem.

I am begining to think that it is an issue with the server I am trying to access, not the server I am coming from, since I can get to other shares on Domain1 with no problem, just not a few specific ones. I think out of the 9 servers we have in Domain1, I can access shares on 5 of them, and on the other 3, it says no logon server available

 

[jtrober]

ok, I am going to kick myself in the head.

The share I was tyring to get to, i stopped and started the netlogon service today, that fixed the problem.

For some reason, its always the little things

 

[Andreh]

As a matter of interest which forest was it that you restarted the service? Was it the destination forest?

Well done on resolving your issue. Sometimes when you ask the question you find the answer in your head as you plot things out for others to understand.

Good luck

"Assumption is the mother of all f#%kups!

 

[jtrober]

well, I was trying to get to a Server in Domain1, from Domain2. I restarted the service on the server in Domain1 that had the share I was trying to access. The reason i figured this out, is that we recently updated our Domain1 DC from NT to 2003. The server in question is one of the few that hasnt been rebooted since the conversion to 2003. We had a new employee start in house yesterday, and what do you know, he cant get to that share, even though he is on Domain1, not in a remote location. So, i started thinking it was the server with the share on it. I looked at the log files, and it had a bunch of netlogon errors, so i thought, what the hell, why not restart the Netlogon service. That seemed to do it. It had nothing to do with the remote location, it just affected any new user accounts that were created after the conversion to 2003. We never encountered this issue before, because we havent had any new employees since the conversion.

I guess this is just one of those many things in the IT world that ends up being the obvious thing that you would never guess.