
Servers in DMZ cannot contact DCs

Status
Not open for further replies.

fe0 (MIS, US), Jan 20, 2003
Hello,

I have 2 servers in my DMZ that keep getting this error:

Windows cannot obtain the domain controller name for your computer network. Return Value (59).

I have NetBIOS, DNS, LDAP, Kerberos, and many more open from my DMZ interface to the inside on my firewall (this firewall has been set up for 6 months unchanged; now this starts out of the blue, so it isn't a configuration issue with the firewall).

I have been through a lot of sites for this problem. I have done nslookups to verify they can find the DCs, etc. I ran both Netdiag and DCdiag on the servers and the DCs. I do see an error saying the servers cannot ping the WINS servers on the inside when running netdiag on them, but DNS is fine (remember NetBIOS is open on the firewall). As far as the network properties go, everything is set correctly, etc. In DNS on the inside there are A records for these machines, etc. I do not know why this is still happening. HELP!
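The original poster has already done nslookup, netdiag and dcdiag by hand. The script below is an added example, not something from the thread, that does the same checks from the DMZ box in one pass: it resolves the DC locator SRV record the way the Netlogon service does, then tests TCP reachability to each DC on the ports a domain member needs, and finishes with nltest so the DC locator and secure-channel paths that produce "Return Value (59)" (Win32 ERROR_UNEXP_NETERR, "an unexpected network error occurred") are exercised on demand. It assumes a Windows 8/2012 or later host with the DnsClient module; the domain name is a parameter and the port list is the standard member-to-DC set. A TCP connect cannot check UDP 88/389, which the DC locator LDAP ping uses, so those must still be verified on the firewall itself.

```powershell
# Added example (not from the thread): from a DMZ member server, locate the DCs via
# the DC locator SRV record and test TCP reachability of the member-to-DC ports.
# Assumes Windows 8/2012+ (Resolve-DnsName); $Domain is the AD DNS domain name.
param(
    [Parameter(Mandatory)][string]$Domain,
    [int]$TimeoutMs = 2000
)

# TCP ports a domain member talks to a DC on: DNS, Kerberos, RPC endpoint mapper,
# LDAP, SMB (Netlogon/SYSVOL), Kerberos password change, LDAPS, Global Catalog.
$StaticPorts = @{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC EPM'; 389 = 'LDAP'; 445 = 'SMB'
    464 = 'Kerberos kpasswd'; 636 = 'LDAPS'; 3268 = 'GC'; 3269 = 'GC SSL'
}

function Test-TcpPort {
    # Plain TCP connect with a timeout; returns $true only on a completed handshake.
    param([string]$Server, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)   # throws if the connection was refused or reset
        return $true
    } catch { return $false } finally { $client.Close() }
}

# Step 1: the DC locator starts from this SRV record; if it fails, nothing else matters.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records for _ldap._tcp.dc._msdcs.$Domain" }
$dcs = $srv | Select-Object -ExpandProperty NameTarget -Unique

# Step 2: per DC, test every static port and report a table of open/closed.
$results = foreach ($dc in $dcs) {
    foreach ($port in ($StaticPorts.Keys | Sort-Object)) {
        [pscustomobject]@{
            DC      = $dc
            Port    = $port
            Service = $StaticPorts[$port]
            Open    = Test-TcpPort -Server $dc -Port $port -TimeoutMs $TimeoutMs
        }
    }
}
$results | Format-Table -AutoSize

# Step 3: reproduce the symptom deliberately. /dsgetdc walks the same DNS +
# LDAP-ping (UDP 389) path Netlogon uses; /sc_query checks the secure channel,
# which runs RPC over SMB (TCP 445). A failure here is the error from the post.
nltest /dsgetdc:$Domain /force
nltest /sc_query:$Domain
```

A port that shows Open here but still fails in nltest usually points at something a TCP connect cannot see: UDP, the RPC dynamic port handed out after the endpoint mapper call on 135, or fragment handling on the firewall.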
 
It's my understanding that communication to and from domain controllers will not travel over the same ports every time, at least for some types of communication. The only sure way to make it work is to set up IPsec between the servers and open those necessary ports, since they will remain the same.
I believe there is a Q article on how to do this, something about replication over a firewall....
Hope it helps...

As to why it worked before and not now, I have no idea.
You could try to move the box to your internal LAN just to test and make sure it isn't a problem with the server.
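The reply above is right that RPC-based DC traffic (Netlogon, directory replication, FRS) goes through the endpoint mapper on TCP 135 and then continues on a port the DC picks from its dynamic range, which is why an allow-list of fixed ports can work one day and not the next. Besides the IPsec tunnel the reply suggests, Microsoft documents registry values that pin those RPC servers to fixed ports and constrain the general dynamic range, which is the approach the "replication over a firewall" KB article describes. The block below is an added example, not from the thread, of setting those values on a domain controller. The port numbers 50000 to 50100 are an assumption for illustration; any unused range above 1024 works, but the firewall rule must match it exactly. The Netlogon DCTcpipPort value exists on Windows Server 2008 and later; each setting needs a DC reboot to take effect.

```powershell
# Added example (not from the thread): on each domain controller, pin the RPC
# ports that AD replication, Netlogon and FRS would otherwise pick dynamically,
# and constrain the dynamic range for every other RPC server, so the DMZ-to-LAN
# rule set can name fixed ports. Port numbers below are assumed for illustration.
$ntds     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ntfrs    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters'
$rpcInet  = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Directory replication (DRS) RPC interface -> fixed TCP port.
Set-ItemProperty -Path $ntds -Name 'TCP/IP Port' -Value 50000 -Type DWord
# Netlogon RPC, the interface a member server's secure-channel calls land on
# (Windows Server 2008 and later DCs).
Set-ItemProperty -Path $netlogon -Name 'DCTcpipPort' -Value 50001 -Type DWord
# FRS (SYSVOL replication on older DCs) -> fixed port; harmless where DFSR is used.
Set-ItemProperty -Path $ntfrs -Name 'RPC TCP/IP Port Assignment' -Value 50002 -Type DWord

# Everything else that registers with the endpoint mapper: restrict the range
# RPC hands out, so TCP 135 plus this range is the whole dynamic allow-list.
if (-not (Test-Path $rpcInet)) { New-Item -Path $rpcInet -Force | Out-Null }
Set-ItemProperty -Path $rpcInet -Name 'Ports' -Value @('50010-50100') -Type MultiString
Set-ItemProperty -Path $rpcInet -Name 'PortsInternetAvailable' -Value 'Y' -Type String
Set-ItemProperty -Path $rpcInet -Name 'UseInternetPorts' -Value 'Y' -Type String

# Resulting firewall rule, DMZ -> DC: TCP 135 and TCP 50000-50100, on top of the
# static ports (TCP 53, 88, 389, 445, 464, 636, 3268, 3269; UDP 53, 88, 389).
# Verify after the reboot that the DRS port was honoured:
Get-NetTCPConnection -LocalPort 50000 -State Listen
```

Keep the fixed ports out of the range reserved for the ephemeral client side, and remember that the registry change alone does nothing until the DC is restarted, so the rule and the reboot should be scheduled together.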
 
I think Petway has the best option: start by isolating the source, either DMZ or LAN. Turn off your rules in the firewall from DMZ to LAN for a bit and check whether the error vanishes. I know you said the firewall has not been tampered with, but it would be good to confirm it.

What about fragmented packets? I had this problem where I could type in my username and password, it would pass the initial validation, but when it came time to load the policies the server would seem stuck trying to log on, and there was nothing to do but wait until it timed out with that exact error. The scenario was the same: DMZ trying to validate through a firewall which was completely open from DMZ to LAN, but it would still not work. Make sure your services (ports) accept fragmented packets in your firewall.
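The failure pattern in the post above (initial validation passes, then the policy load hangs until it times out) is the classic signature of Kerberos over UDP: the AS exchange fits in one datagram, but the later TGS reply carries a PAC listing every group SID, which easily exceeds a 1500-byte MTU and arrives as IP fragments that a strict firewall drops. Windows 2000/XP/2003-era clients sent Kerberos over UDP whenever the message was under the MaxPacketSize threshold (default 2000 bytes); forcing the threshold to 1 makes every exchange use TCP 88, so nothing fragments. The block below is an added example, not from the thread, to run on the DMZ member servers; it is only needed on those older systems, since Vista and later use TCP by default. The DC name dc1.example.local in the MTU probe is a constructed placeholder.

```powershell
# Added example (not from the thread): force Kerberos to TCP on a DMZ member
# server so large TGS replies are never fragmented UDP, then verify. Applies to
# Windows 2000/XP/2003-era hosts; Vista and later already default to TCP.
$kerb = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

# First, confirm fragments are actually the problem: a 1472-byte ICMP payload
# plus 28 bytes of headers is exactly 1500; with DF set it must not fragment.
# If this fails while smaller sizes pass, the path (or the firewall) is
# refusing or dropping anything at or near full MTU. (DC name is constructed.)
ping -f -l 1472 dc1.example.local
ping -f -l 1000 dc1.example.local

# MaxPacketSize = 1: any Kerberos message larger than 1 byte goes over TCP,
# i.e. always TCP 88, never UDP 88.
if (-not (Test-Path $kerb)) { New-Item -Path $kerb -Force | Out-Null }
Set-ItemProperty -Path $kerb -Name 'MaxPacketSize' -Value 1 -Type DWord

# Verify: flush the ticket cache, request a fresh TGT, and check that the
# exchange used a TCP connection to port 88 rather than a UDP datagram.
klist purge
klist get krbtgt/$env:USERDNSDOMAIN
Get-NetTCPConnection -RemotePort 88 -ErrorAction SilentlyContinue |
    Select-Object RemoteAddress, State
```

The same fragment problem can hit the LDAP ping on UDP 389 that the DC locator uses, so if the firewall cannot be made to pass fragments, check that rule as well rather than assuming Kerberos was the only UDP path.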

 