ICMP from workstations in one domain to another domain's DCs

Discussion in 'Windows Networking' started by Slogan, Feb 20, 2008.

  1. Slogan

    Does anyone know why workstations in one domain would be sending echo
    requests to DCs of another domain? Both domains are in the same forest.

    Slogan, Feb 20, 2008
  2. Hello Slogan,

    I cannot really follow your question. Do you mean they automatically ping
    another DC? Please go into more detail: when it happens and how the network
    is set up.
    Meinolf Weber, Feb 21, 2008
  3. Slogan

    It took me a few tries before the message took. Each time I rewrote it, it
    got less and less detailed.

    Here is the setup. Two domains, each hundreds of miles apart. Each domain
    is behind its own boundary router and firewall (2 of each, one for each
    domain). As stated before, they are in the same forest, but not the same
    site. I have no general reason that the workstations would even have a
    "legitimate" reason to talk via ICMP echo requests to
    the other domain's DCs. Base A's workstations send to domain B's DCs, but not
    the reverse. This is being done by a hundred or more workstations. It is
    creating a lot of excess overhead, in my opinion. I recently found that they
    are getting error messages in the system log, as below:

    aaa.bbb.ccc.ddd.com = domain B

    The error messages are coming from domain A's workstations.

    lsasrv error : 40961

    The Security System could not establish a secured connection with the server
    ldap/aaa.bbb.ccc.ddd.com. No authentication protocol was available.

    and error:

    lsasrv error : 40960

    The Security System detected an authentication error for the server
    The failure code from authentication protocol Kerberos was "There are
    currently no logon servers available to service the logon request.

    The main question is:

    Why do workstations in domain A need to send ICMP requests to DCs in domain B?
    Slogan, Feb 21, 2008
  4. Hello Slogan,

    So if the clients "talk" to the other domain, how is your DNS set up? Please
    post an unedited ipconfig /all from one client of each domain and also one
    DC/DNS server from one.
    Meinolf Weber, Feb 22, 2008
