I changed the DNS entries back to what I originally had, and now I can log
into both domains.
Not sure about the trust relationships yet, but I seem to be moving in the
right direction.
Joe
"Joe Befumo" wrote in message:
> I have two domains and 3 machines on my network (actually, there are two
> more workstations, but for the sake of simplicity, I'll just deal with
> one):
> WEB-DC is the domain server for domain WEB-DOMAIN.COM, INTERNAL-DC is the
> domain controller for domain INTERNAL.LAN. Both are set up as distinct
> Active Directory Forests (was this the right decision? My goal was maximum
> security for my internal network.) WEB-DC runs a webserver and mailserver,
> and INTERNAL_DC runs a database server. INTERNAL.LAN is my internal domain,
> into which I want my XP Professional workstation (MY-PC) to log. [I
> originally had both WEB-DC and INTERNAL-DC as co-PDCs on WEB-DOMAIN.COM, but
> thought better of it.] All three machines are behind a Netgear
> firewall/switch. I have HTTP, POP3, and SMTP ports open to machine WEB-DC.
> WEB-DC and INTERNAL-DC both have DNS server installed. Both are configured
> (in their TCP/IP settings) to point first to themselves, and then to each
> other. Both DNS servers were originally set up to forward to my IP's DNS
> servers, however, when I reinstalled Active Directory on INTERNAL-DC, it
> complained about the setup, and reconfigured so that INTERNAL_DC forwards to
> WEB-DC, rather than my IP's DNS. It seems to work, though.
>
> All three machines are on the same subnet.
>
> Before I set INTERNAL_DC onto its own forest/domain (INTERNAL.LAN), I was
> able to log into WEB-DOMAIN.COM from MY-PC.
>
> Since I made the change, however, I seem to have introduced some fundamental
> disconnect, the source of which eludes me.
>
> First of all, when I try to log onto MY-PC, INTERNAL.LAN doesn't even show
> up in the pulldown. My only options are to log into WEB-DOMAIN.COM or into
> MY-PC (this computer).
>
> If I try to log into WEB-DOMAIN.COM from MY-PC, I get the following error:
>
> "Windows cannot connect to the domain, either because the domain controller
> is down or otherwise unavailable, or because your computer account was not
> found . . ."
>
> However, once I log directly into MY-PC, I can see both WEB-DOMAIN.COM and
> INTERNAL.LAN in 'my network places', and can open a remote terminal to
> either one.
>
> When logged into WEB-DC, I can see the domains WEB-DOMAIN.COM and
> INTERNAL.LAN in 'my network places'.
>
> Likewise, when logged into INTERNAL_DC, I can see WEB-DOMAIN.COM and
> INTERNAL.LAN in 'my network places'.
>
> On WEB-DC, in the Active Directory Users and Computer panel, if I click on
> "Domain Controllers" -- WEB-DC shows up, BUT INTERNAL_DC does not.
>
> On WEB-DC, in the Active Directory Users and Computer panel, if I
> right-click on 'Computers', MY-PC is there.
>
> On WEB-DC, I go into Active Directory Domains and Trusts, right click on
> WEB-DOMAIN.COM, bring up the WEB-DOMAIN.COM properties, and select the
> Trusts tab.
>
> I click on "New Trust".
>
> In the "Trust Name" space in the New Trust Wizard, I enter INTERNAL (It
> won't let me continue if I enter INTERNAL.NET), check to create on both
> machines, enter the proper credentials, and successfully create the trust.
>
> I select "Confirm", and the result is: "The trust relationship was
> successfully created and confirmed."
>
> When logged into INTERNAL_DC, I can go to Active Directory Domains and
> Trusts, right-click on INTERNAL.NET, and I can see WEB-DOMAIN.COM on the
> Trusts tab.
>
> However, when logged into INTERNAL-DC, if I go to Active Directory Users and
> Computers, under "Domain Controllers" only INTERNAL-DC shows up. WEB-DC is
> missing.
>
> When logged into INTERNAL-DC, I go to Active Directory Users and Computers,
> right-click on Computers, and add MY-PC as a member of INTERNAL.LAN.
>
> I log off of MY-PC. When I try to log back in, the situation is unchanged -
> i.e., I cannot see INTERNAL.LAN, and can see, but cannot log into
> WEB-DOMAIN.COM.
>
> I'm utterly baffled at this point.
>
> BTW - my goal is to have WEB-DC and WEB-DOMAIN.COM house my web and mail
> server, with ports open in my firewall to that machine for HTTP, POP3, and
> SMTP. INTERNAL-LAN is my internal lan domain, into which I log with MY-PC
> (as well as the machines of the rest of my family). I would have a 1-way
> trust relationship between INTERNAL.LAN and WEB-DOMAIN.COM, such that I can
> easily move files to/from WEB-DC from MY-PC, but have INTERNAL.LAN protected
> (all of the machines plug directly into a Netgear firewall/switch). The
> database server for my websites would be running on INTERNAL-DC. Does this
> all sound reasonable?
>
> Thanks,
>
> Joe
>
> --
> Posted via NewsDemon.com - Premium Uncensored Newsgroup Service
> ------->>>>>>http://www.NewsDemon.com<<<<<<------
> Unlimited Access, Anonymous Accounts, Uncensored Broadband Access