Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NT Domain Controller

Status
Not open for further replies.
DTrix

DTrix

IS-IT--Management
Jul 6, 2000
32
0
0
CA
Good day all,

I was wondering if anyone could explain why I am having an issue with finding the Domain Controller during netlogon. I have a WINS server in a DMZ which I have successfully joined the NT Domain in the Inside network of the PIX, however, my success ends there. I can:

Ping the PDC by netbios name
Ping the PDC by IP
Join the NT Domain
From comman prompt use the Net Use command to connected to and login to the PDC.

The WINS server for the DMZ has a static entry to identify the PDC as the Domain Controller and Master Browser [1Ch] and [1Bh] respectively.

Yet, in the end when I try to login, I get a Domain Controller not found error.

The PIX has two interfaces with one on the DMZ and one on the Inside network, and no NAT. So routes aren't necessary because the PIX is aware of the only 2 networks it needs to know.

Could the default gateway of the PDC, which points to another router on the network... not the PIX be the problem? Although I did add a route on the PDC to point to the PIX to get to the DMZ's subnet.

Hope someone can help.

Thanks in advance,

-D

 
Sort by date Sort by votes
I know this seems anal, but add static routes for any non-default subnets. Especially with the 5.1x software which only allows one default subnet (which broke things until we added statics for all of our internal and dmz subnets, as we default out our external). This probably won't fix your problem, but just a solution that generally fixes odd connectivity problems.

The next thing I'd recommend would be to turn on debugging and logging and check out what packets are being denied. That's usually where I end up going to solve this sort of thing.
 
Upvote 0 Downvote
Setup syslog server (good one for WINNT and add a filter with desired IP address with log to file.

Probe your problem and look afterwords from syslog log file.
I've successfully used this kind of method in resolving PIX problems.

You can also try to add domain controller to apropriate LMHOST file, use #PRE#DOM:your_domain_name.


Good luck Juhani
 
Upvote 0 Downvote
2 immediate things come to mind, 1 your default gateway should be the interface on the pix it connects to, except (as is the case with our network where our internet connection is the gateway) where that gateway also points certain types of traffic back in and across your firewall. if not then are your dmz and domain on the same subnet? if not then maybe your wins server should reside on the inside and set up a wins proxy on your dmz replicating push/pull with your main wins server.

Hope thats helpful ;)


Paul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rjwaunakee
  • Locked
  • Question
Allow Connections with Domain Names
Replies
0
Views
33
rjwaunakee
rjwaunakee
jasonadambrowne
  • Locked
  • Question
security policy based on domain names as apposed to IP address/range
Replies
0
Views
34
jasonadambrowne
jasonadambrowne
mbilgrav
  • Locked
  • Question
does "dns domain-lookup" work ?
Replies
0
Views
13
mbilgrav
mbilgrav
lecarbajal
  • Locked
  • Question
ASA ntp sync fail
Replies
2
Views
41
lecarbajal
lecarbajal
rogerexplosion
  • Locked
  • Question
Problems Publishing a non domain member server
Replies
0
Views
11
rogerexplosion
rogerexplosion

Part and Inventory Search

Sponsor

Back
Top