Problem with setup VPN and Trust on 2 Win 2003 domains

aWe have two Win 2003 domains (albany.aft.corp and lee.aft.corp), both with
DSL access to the internet. We are trying to set up a VPN and then establish
a trust between them.

Each location has a Netopia DSL rouer and then inside of it a Linksys
Ethernet Cable\DSL VPN Router, which is connected to our switch. Tech support
at Linksys told us that the Netopia DSL router had to be on a different
subnet than our network.

albany domain has:
Netopia IP address 0f 192.168.4.254
network address is 192.168.0.0
server address 192.168.0.1
Gateway 192.168.0.6 (which is the Linksys address)

lee domain has:
Netopia IP address 0f 192.168.3.5
network address is 192.168.2.0
server address 192.168.2.10
Gateway 192.168.2.6 (which is the Linksys address)


I am in the lee domain and can ping the server in the albany domain. When I
try to set up the trust (through the new trust wizard in ‘active directory
domains and trusts’), I get the following:
1) I type 'albany' as the trust name, and then click next
2) The next screen asks me to select the trust type (realm or Windows
domain). I select Windows domain and retype the domain name 'albany' as
requested - then click next.
3) I then get a screen 'Cannot Continue' - 'The new trust wizzard cannot
continue because the specified domain could not be contacted'.

I set up WINS on both servers with both as replication partners because
maybe there was a resolution problem. Yesterday I was able to see and browse
the albany server(alb-dc-01) using '\\alb-dc-01'. However this stopped
working today. Today, I get the following message when I type '\\alb-dc-01':
"\\alb-dc-01 is not accesible. You might not have permission to use this
network resource. Contact the administrator of the server. The network
resource was not found."

I have no idea what to try next. I don't know if this is a VPN problem,
trust problem or combination of both.

I would appreciate it if somebody could give me step by step instructions on
how the VPN and trust should be setup.

Thank you



--
Alan B

Could be an SMB-signing issue. Temporarily turn off while creating the
trust.

http://support.microsoft.com/default...b;en-us;839499

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights


"Alan258" <(E-Mail Removed)> wrote in message
news:71C01804-4E8C-4AF2-B7A1-(E-Mail Removed)...
aWe have two Win 2003 domains (albany.aft.corp and lee.aft.corp), both with
DSL access to the internet. We are trying to set up a VPN and then establish
a trust between them.

Each location has a Netopia DSL rouer and then inside of it a Linksys
Ethernet Cable\DSL VPN Router, which is connected to our switch. Tech
support
at Linksys told us that the Netopia DSL router had to be on a different
subnet than our network.

albany domain has:
Netopia IP address 0f 192.168.4.254
network address is 192.168.0.0
server address 192.168.0.1
Gateway 192.168.0.6 (which is the Linksys address)

lee domain has:
Netopia IP address 0f 192.168.3.5
network address is 192.168.2.0
server address 192.168.2.10
Gateway 192.168.2.6 (which is the Linksys address)


I am in the lee domain and can ping the server in the albany domain. When I
try to set up the trust (through the new trust wizard in ‘active directory
domains and trusts’), I get the following:
1) I type 'albany' as the trust name, and then click next
2) The next screen asks me to select the trust type (realm or Windows
domain). I select Windows domain and retype the domain name 'albany' as
requested - then click next.
3) I then get a screen 'Cannot Continue' - 'The new trust wizzard cannot
continue because the specified domain could not be contacted'.

I set up WINS on both servers with both as replication partners because
maybe there was a resolution problem. Yesterday I was able to see and
browse
the albany server(alb-dc-01) using '\\alb-dc-01'. However this stopped
working today. Today, I get the following message when I type '\\alb-dc-01':
"\\alb-dc-01 is not accesible. You might not have permission to use this
network resource. Contact the administrator of the server. The network
resource was not found."

I have no idea what to try next. I don't know if this is a VPN problem,
trust problem or combination of both.

I would appreciate it if somebody could give me step by step instructions on
how the VPN and trust should be setup.

Thank you



--
Alan B

Todd,
I tried it with no luck.
These are some other messages that get. I was able to get the trust set up,
but still cannot connect the two domains. Whe I click on "domains and
trusts", then right click properties, then the trust tab brings up the 2 way
trust. When I click the validate button on the trust properties window, I get
the following message:
"The local security authority is unable to obtain an RPC connection to the
domain controller alb-dc-01.aft.corp. Please check that the name can be
resolved and the server is available."

Also, when I type "netdom trust lee /d:albany /verify" at the command
prompt, Iget the message "command failed to complete successfully" which I
guess means there is a problem with the trust. I even tried removing the
trusts and recreating them without any success.

Do you have any thoughts on how to fix this?

Thank you

Also, when Iright click on"active domains and trusts" and select "connect to
domain controller" and the type in alb-dc-01.aft.corp, I get the following
message:
"The following domain controller could not be contacted: alb-dc-01.aft.corp.
RPC service is unavailable."


I can ping the domain controller with its IP address and name (alb-dc-01).
--
Alan B


"Todd J Heron" wrote:

> Could be an SMB-signing issue. Temporarily turn off while creating the
> trust.
>
> http://support.microsoft.com/default...b;en-us;839499
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>
>
> "Alan258" <(E-Mail Removed)> wrote in message
> news:71C01804-4E8C-4AF2-B7A1-(E-Mail Removed)...
> aWe have two Win 2003 domains (albany.aft.corp and lee.aft.corp), both with
> DSL access to the internet. We are trying to set up a VPN and then establish
> a trust between them.
>
> Each location has a Netopia DSL rouer and then inside of it a Linksys
> Ethernet Cable\DSL VPN Router, which is connected to our switch. Tech
> support
> at Linksys told us that the Netopia DSL router had to be on a different
> subnet than our network.
>
> albany domain has:
> Netopia IP address 0f 192.168.4.254
> network address is 192.168.0.0
> server address 192.168.0.1
> Gateway 192.168.0.6 (which is the Linksys address)
>
> lee domain has:
> Netopia IP address 0f 192.168.3.5
> network address is 192.168.2.0
> server address 192.168.2.10
> Gateway 192.168.2.6 (which is the Linksys address)
>
>
> I am in the lee domain and can ping the server in the albany domain. When I
> try to set up the trust (through the new trust wizard in ‘active directory
> domains and trusts’), I get the following:
> 1) I type 'albany' as the trust name, and then click next
> 2) The next screen asks me to select the trust type (realm or Windows
> domain). I select Windows domain and retype the domain name 'albany' as
> requested - then click next.
> 3) I then get a screen 'Cannot Continue' - 'The new trust wizzard cannot
> continue because the specified domain could not be contacted'.
>
> I set up WINS on both servers with both as replication partners because
> maybe there was a resolution problem. Yesterday I was able to see and
> browse
> the albany server(alb-dc-01) using '\\alb-dc-01'. However this stopped
> working today. Today, I get the following message when I type '\\alb-dc-01':
> "\\alb-dc-01 is not accesible. You might not have permission to use this
> network resource. Contact the administrator of the server. The network
> resource was not found."
>
> I have no idea what to try next. I don't know if this is a VPN problem,
> trust problem or combination of both.
>
> I would appreciate it if somebody could give me step by step instructions on
> how the VPN and trust should be setup.
>
> Thank you
>
>
>
> --
> Alan B
>
>

Have any firewall in between? Refer to the "dynamic" RPC section of the
article below. It may answer your needs. Note: RPC traffic cannot traverse
a NAT (unless inside a VPN).

http://www.microsoft.com/serviceprov...sec_P63623.asp

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

"Alan258" <(E-Mail Removed)> wrote in message
news:869A0A9F-8A62-4EB9-890C-(E-Mail Removed)...
Todd,
I tried it with no luck.
These are some other messages that get. I was able to get the trust set up,
but still cannot connect the two domains. Whe I click on "domains and
trusts", then right click properties, then the trust tab brings up the 2 way
trust. When I click the validate button on the trust properties window, I
get
the following message:
"The local security authority is unable to obtain an RPC connection to the
domain controller alb-dc-01.aft.corp. Please check that the name can be
resolved and the server is available."

Also, when I type "netdom trust lee /d:albany /verify" at the command
prompt, Iget the message "command failed to complete successfully" which I
guess means there is a problem with the trust. I even tried removing the
trusts and recreating them without any success.

Do you have any thoughts on how to fix this?

Thank you

Also, when Iright click on"active domains and trusts" and select "connect to
domain controller" and the type in alb-dc-01.aft.corp, I get the following
message:
"The following domain controller could not be contacted: alb-dc-01.aft.corp.
RPC service is unavailable."


I can ping the domain controller with its IP address and name (alb-dc-01).
--
Alan B


"Todd J Heron" wrote:

> Could be an SMB-signing issue. Temporarily turn off while creating the
> trust.
>
> http://support.microsoft.com/default...b;en-us;839499
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>
>
> "Alan258" <(E-Mail Removed)> wrote in message
> news:71C01804-4E8C-4AF2-B7A1-(E-Mail Removed)...
> aWe have two Win 2003 domains (albany.aft.corp and lee.aft.corp), both
> with
> DSL access to the internet. We are trying to set up a VPN and then
> establish
> a trust between them.
>
> Each location has a Netopia DSL rouer and then inside of it a Linksys
> Ethernet Cable\DSL VPN Router, which is connected to our switch. Tech
> support
> at Linksys told us that the Netopia DSL router had to be on a different
> subnet than our network.
>
> albany domain has:
> Netopia IP address 0f 192.168.4.254
> network address is 192.168.0.0
> server address 192.168.0.1
> Gateway 192.168.0.6 (which is the Linksys address)
>
> lee domain has:
> Netopia IP address 0f 192.168.3.5
> network address is 192.168.2.0
> server address 192.168.2.10
> Gateway 192.168.2.6 (which is the Linksys address)
>
>
> I am in the lee domain and can ping the server in the albany domain. When
> I
> try to set up the trust (through the new trust wizard in ‘active directory
> domains and trusts’), I get the following:
> 1) I type 'albany' as the trust name, and then click next
> 2) The next screen asks me to select the trust type (realm or Windows
> domain). I select Windows domain and retype the domain name 'albany' as
> requested - then click next.
> 3) I then get a screen 'Cannot Continue' - 'The new trust wizzard cannot
> continue because the specified domain could not be contacted'.
>
> I set up WINS on both servers with both as replication partners because
> maybe there was a resolution problem. Yesterday I was able to see and
> browse
> the albany server(alb-dc-01) using '\\alb-dc-01'. However this stopped
> working today. Today, I get the following message when I type
> '\\alb-dc-01':
> "\\alb-dc-01 is not accesible. You might not have permission to use this
> network resource. Contact the administrator of the server. The network
> resource was not found."
>
> I have no idea what to try next. I don't know if this is a VPN problem,
> trust problem or combination of both.
>
> I would appreciate it if somebody could give me step by step instructions
> on
> how the VPN and trust should be setup.
>
> Thank you
>
>
>
> --
> Alan B
>
>

Todd,

Yes, there are two firewalls. (they are built into the Linksys routers at
each network). The link you sent me gives the following message 'We’re
sorry, but there is no Microsoft.com Web page that matches your entry.'

Thank you
Alan B


"Todd J Heron" wrote:

> Have any firewall in between? Refer to the "dynamic" RPC section of the
> article below. It may answer your needs. Note: RPC traffic cannot traverse
> a NAT (unless inside a VPN).
>
> http://www.microsoft.com/serviceprov...sec_P63623.asp
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>
> "Alan258" <(E-Mail Removed)> wrote in message
> news:869A0A9F-8A62-4EB9-890C-(E-Mail Removed)...
> Todd,
> I tried it with no luck.
> These are some other messages that get. I was able to get the trust set up,
> but still cannot connect the two domains. Whe I click on "domains and
> trusts", then right click properties, then the trust tab brings up the 2 way
> trust. When I click the validate button on the trust properties window, I
> get
> the following message:
> "The local security authority is unable to obtain an RPC connection to the
> domain controller alb-dc-01.aft.corp. Please check that the name can be
> resolved and the server is available."
>
> Also, when I type "netdom trust lee /d:albany /verify" at the command
> prompt, Iget the message "command failed to complete successfully" which I
> guess means there is a problem with the trust. I even tried removing the
> trusts and recreating them without any success.
>
> Do you have any thoughts on how to fix this?
>
> Thank you
>
> Also, when Iright click on"active domains and trusts" and select "connect to
> domain controller" and the type in alb-dc-01.aft.corp, I get the following
> message:
> "The following domain controller could not be contacted: alb-dc-01.aft.corp.
> RPC service is unavailable."
>
>
> I can ping the domain controller with its IP address and name (alb-dc-01).
> --
> Alan B
>
>
> "Todd J Heron" wrote:
>
> > Could be an SMB-signing issue. Temporarily turn off while creating the
> > trust.
> >
> > http://support.microsoft.com/default...b;en-us;839499
> >
> > --
> > Todd J Heron, MCSE
> > Windows Server 2003/2000/NT; CCA
> > ----------------------------------------------------------------------------
> > This posting is provided "as is" with no warranties and confers no rights
> >
> >
> > "Alan258" <(E-Mail Removed)> wrote in message
> > news:71C01804-4E8C-4AF2-B7A1-(E-Mail Removed)...
> > aWe have two Win 2003 domains (albany.aft.corp and lee.aft.corp), both
> > with
> > DSL access to the internet. We are trying to set up a VPN and then
> > establish
> > a trust between them.
> >
> > Each location has a Netopia DSL rouer and then inside of it a Linksys
> > Ethernet Cable\DSL VPN Router, which is connected to our switch. Tech
> > support
> > at Linksys told us that the Netopia DSL router had to be on a different
> > subnet than our network.
> >
> > albany domain has:
> > Netopia IP address 0f 192.168.4.254
> > network address is 192.168.0.0
> > server address 192.168.0.1
> > Gateway 192.168.0.6 (which is the Linksys address)
> >
> > lee domain has:
> > Netopia IP address 0f 192.168.3.5
> > network address is 192.168.2.0
> > server address 192.168.2.10
> > Gateway 192.168.2.6 (which is the Linksys address)
> >
> >
> > I am in the lee domain and can ping the server in the albany domain. When
> > I
> > try to set up the trust (through the new trust wizard in ‘active directory
> > domains and trusts’), I get the following:
> > 1) I type 'albany' as the trust name, and then click next
> > 2) The next screen asks me to select the trust type (realm or Windows
> > domain). I select Windows domain and retype the domain name 'albany' as
> > requested - then click next.
> > 3) I then get a screen 'Cannot Continue' - 'The new trust wizzard cannot
> > continue because the specified domain could not be contacted'.
> >
> > I set up WINS on both servers with both as replication partners because
> > maybe there was a resolution problem. Yesterday I was able to see and
> > browse
> > the albany server(alb-dc-01) using '\\alb-dc-01'. However this stopped
> > working today. Today, I get the following message when I type
> > '\\alb-dc-01':
> > "\\alb-dc-01 is not accesible. You might not have permission to use this
> > network resource. Contact the administrator of the server. The network
> > resource was not found."
> >
> > I have no idea what to try next. I don't know if this is a VPN problem,
> > trust problem or combination of both.
> >
> > I would appreciate it if somebody could give me step by step instructions
> > on
> > how the VPN and trust should be setup.
> >
> > Thank you
> >
> >
> >
> > --
> > Alan B
> >
> >
>
>