Cannot browse to a domain controller across windows domains

Discussion in 'Windows Networking' started by Joshua Gramlich, Aug 2, 2005.

  1. I am in an organiztion with multiple domains. These domains are
    transitory, coming and going with projects. As far as I can tell,
    there is no "forest" per se...these two domains I speak of are
    unrelated.

    I can browse to PC's (all OS are XP and 2003 server) in the UP domain,
    from the CAS domain, but not to the domain controller. In one
    situation though, there is a CAS workstation from which I can browse to
    the DC of the UP domain. I do not know why.

    On all other workstations of the CAS domain, I am prompted for
    username/password, but no combination of domain\username/password works
    and in the security logs of the DC there are no failed security events.
    (when browsing to, say, \\UPDC\share1)

    Anything entered at the login prompt caused one to be reprompted.
    Again, I can browse to and manipulate files on the member computers,
    but not the domain controller of this separate domain. I do have *one*
    workstation that can browse to the DC, but I cannot say why this is the
    case.

    Any thoughts?
     
    Joshua Gramlich, Aug 2, 2005
    #1
    1. Advertisements

  2. Hi

    If one machine works then you can compare it to a non-working one - try
    ipconfig /all on both , gpresult, and some of the DS tools to find out what
    groups the machine/user is part of, and then compare

    Other than that is WINS/DNS/AD set up right - any eventlogs of importance?

    Regards

    S
     
    PScyime via WinServerKB.com, Aug 2, 2005
    #2
    1. Advertisements

  3. I can find no differences between the workstation that works properly
    and the one that does not. There are no security audit entrys success
    or failure in the security logs when I try to log on...as though the
    workstation which I am trying to browse the DC with has never contacted
    the DC...even though I am prompted for username/password upon browsing
    to the domain controller of the outside domain.
     
    Joshua Gramlich, Aug 2, 2005
    #3
  4. Browsing and permissions are usually two seperate
    issues. Since you can browse to the DC, I'll assume
    browsing is working.

    Can you ping the DC from a problem machine by tcp/ip
    address? How about name. How about running nslookup
    against the DC you are attempting to contact? If all checks
    out then I use Netmon.exe on the problem server to capture
    the traffic while attempting to map to a share. Verify whether
    or not the packets are reaching the DC.
     
    Michael Giorgio - MS MVP, Aug 3, 2005
    #4
  5. There are no networking issues at all. I can ping the target domain
    controller with both WINS name and IP address. But, I cannot browse.
    As soon as I type the IP address or name of the target server in
    Start>Run I am prompted to log in by a dialog box. No combination of
    username/password/domain works. Netmon running on the DC shows that it
    is receiving TCP packets from the client trying to browse shares on the
    DC.
     
    Joshua Gramlich, Aug 4, 2005
    #5
  6. You keep referring to browsing but you are trying to
    "connect" to the server. Browsing to the server simply
    requires you to find the server in My Network Places.
    In any case, it's a must point. There are two factors
    which could be affecting your situation. One is the
    NTLM settings on the server compared to the client
    machines and the other is the restrict anonymous
    registry setting. Have a look at the following for
    details:
    How to use the RestrictAnonymous registry value in Windows 2000
    http://support.microsoft.com/kb/q246261/

    Authentication Problems in Windows 2000 with NTLM 2 Levels Above 2 in a
    Windows NT 4.0 Domain
    http://support.microsoft.com/default.aspx?scid=kb;en-us;305379
     
    Michael Giorgio - MS MVP, Aug 4, 2005
    #6
  7. Yes, and it was finally identified as an issue with the group policy
    settings. The ability to browse the computer from the network had been
    turned off.
     
    Joshua Gramlich, Aug 8, 2005
    #7
  8. Glad to hear you got it working and thank
    you for the update.
     
    Michael Giorgio - MS MVP, Aug 8, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.