No logon server available - Windows 2003 Trust Issue? NS Issue?

Discussion in 'Windows Networking' started by newsgroups.jd, Aug 2, 2006.

  1. Thanks for any input ahead of time...

    I have 2 - Windows 2003 R2 Domains with a two way trust set up.

    Domain A

    Windows Firewall - turned off
    LMHOST Entries

    DC IP x.x.x.x DCHostName #PRE #DOM: "DomainBName
    DC IP x.x.x.x "DomainBNAME \0x1b" #PRE


    Domain B

    Windows Firewall - turned off
    LMHOST Entries

    DC IP x.x.x.x DCHostName #PRE #DOM: "DomainAName
    DC IP x.x.x.x "DomainANAME \0x1b" #PRE


    Trust created fine

    Domain A tries to access shared folder on Domain B - I get auth box
    - which is good. Once I assign NTFS and Share permissions, that will
    go away.


    Domain B tries to access shared folder on Domain A - I get following

    <error>

    \\dcname\test is not accessible. You might not have permission to use
    this network
    resource. Contact the administrator of this server to find out if you
    have access
    permissions.

    There are currently no logon servers available to service this logon
    request.

    </error>

    I have read a lot of Q articles and a lot of posts regarding this error,
    and it mostly relates to name resolution. I have verified my entries
    on both domain controllers. I can ping back and forth using wins name.
    I have added DC entries in WINS just to make sure... shouldn't have
    to if they are in lmhost.

    I have run nslookup on both servers to verify what it sees as the name
    server for each domain.

    I can't seem to figure out what is going on - I ran a sniff on the port
    for DC B while trying to access DC A and do not see anything out of the
    ordinary...

    Any thoughts?
     
    newsgroups.jd, Aug 2, 2006
    #1

  2. Since these are W2k3 domains you should be able to use DNS
    to get them communicating properly. Add the remote DNS servers
    as secondary DNS servers on each W2k3 DC.
     
    Michael Giorgio - MS MVP, Aug 2, 2006
    #2

  3. For DNS - I actually created a conditional forwarder on each domain -
    which also seems to be working fine -
    side with either FQDNs or with netbios names....

    I did this before...

    So still getting the error :(

    JD
     
    newsgroups.jd, Aug 2, 2006
    #3
  4. Try adding them as secondary domains and see if this resolves
    your issue.. W2k or higher uses DNS for this type of connectivity.
    NetBIOS, which uses WINS or lmhosts, is necessary in NT 4.0.

    Well to be sure your lmhosts are configured properly you have to
    make sure the adapters are configured for NetBIOS and lmhosts
    lookup. Open a dos prompt on each machine and run nbtstat -c
    and post the results. You can mask the names and tcp/ip addresses.
     
    Michael Giorgio - MS MVP, Aug 2, 2006
    #4
  5. Michael,

    Thank you for the response, getting another set of eyes before I call
    MS is always helpful. I had already verified the LMHOST lookup was
    enabled, but double checked again and it was. Here is the result from
    the nbtstat on both DCs


    Local Area Connection:
    Node IpAddress: [x.x.156.151] Scope Id: [] - DOMAIN A

    NetBIOS Remote Cache Name Table

    Name                  Type      Host Address    Life [sec]
    ------------------------------------------------------------
    Domain B DC    <03>   UNIQUE    x.x.6.67        -1
    Domain B DC    <00>   UNIQUE    x.x.6.67        -1
    Domain B DC    <20>   UNIQUE    x.x.6.67        -1
    Domain B       <1C>   GROUP     x.x.6.67        -1
    Domain B....   <03>   UNIQUE    x.x.6.67        -1
    Domain B....   <00>   UNIQUE    x.x.6.67        -1
    Domain B....   <20>   UNIQUE    x.x.6.67        -1


    Local Area Connection 2:
    Node IpAddress: [x.x.6.67] Scope Id: [] - DOMAIN B

    NetBIOS Remote Cache Name Table

    Name                  Type      Host Address    Life [sec]
    ------------------------------------------------------------
    DOMAIN A       <1C>   GROUP     x.x.156.151     -1
    DOMAIN A...    <03>   UNIQUE    x.x.156.151     -1
    DOMAIN A...    <00>   UNIQUE    x.x.156.151     -1
    DOMAIN A...    <20>   UNIQUE    x.x.156.151     -1
    Domain A DC    <03>   UNIQUE    x.x.156.151     -1
    Domain A DC    <00>   UNIQUE    x.x.156.151     -1
    Domain A DC    <20>   UNIQUE    x.x.156.151     -1


    As for secondary domain - are you referring to a secondary DNS zone? I
    had never heard it referred to as a secondary domain? but again - the
    name resolution seems to be functioning, which is why I am baffled....

    JD
     
    newsgroups.jd, Aug 3, 2006
    #5
  6. More info -

    Following error popped up a few times in Domain A -

    <error>

    This computer was not able to set up a secure session with a domain
    controller in domain (Domain B) due to the following:
    The remote procedure call failed and did not execute.
    This may lead to authentication problems. Make sure that this computer
    is connected to the network. If the problem persists, please contact
    your domain administrator.

    ADDITIONAL INFO
    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in
    the specified domain. Otherwise, this computer sets up the secure
    session to any domain controller in the specified domain.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    </error>



     
    newsgroups.jd, Aug 3, 2006
    #6
  7. As long as you do know this should be handled by DNS...

    Your remote name table is missing the domain name 1b
    unique name for domains. Most likely cause is an incorrect
    domain name 1b entry in lmhosts. You have to make sure
    there are 15 characters in the domain name by adding spaces
    after your NetBIOS domain name to make up 15 spaces or
    the 1b name won't be cached e.g.,:

    DC IP x.x.x.x "DomainBNAME----\0x1b" #PRE

    I used hyphens in place of spaces so you could see the four
    spaces needed to complete the domain name. The actual
    NetBIOS name of domainB plus enough spaces to add up
    to 15 will add the 1b name into the cache. Although I
    doubt this will cure your issue it will remove NetBIOS name
    resolution as one of your possible causes..





     
    Michael Giorgio - MS MVP, Aug 3, 2006
    #7
  8. Good catch - after I tried this I did some searching and see you have
    had to point this out to people more than once... I thought the
    requirement was at least 15 characters... I actually had more than 15
    in both and had to reduce it to be exactly 15 characters for it to
    import the 1b record...

    Anyways - I now have the 1b records showing up in nbtstat -c , but it
    did not resolve the initial issue as you suspected...

    JD



     
    newsgroups.jd, Aug 4, 2006
    #8
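
    An added example, not part of either post above: a small checker for the rule discussed in posts #7 and #8, that a quoted LMHOSTS name carrying a \0xNN suffix must hold exactly 15 characters before the suffix. The function names, sample addresses and sample domain names are assumptions made for illustration.

```python
import re

# Quoted LMHOSTS name with an explicit 16th byte, e.g. "DOMAINB        \0x1b"
QUOTED = re.compile(r'"([^"\\]*)\\0x([0-9A-Fa-f]{2})"')
NAME_LEN = 15  # 16-byte NetBIOS name = 15 name characters + 1 suffix byte


def check_line(line):
    """Return (status, fixed_line); status is None, 'ok', 'short' or 'long'."""
    if line.lstrip().startswith("#"):
        return None, line  # comment line
    m = QUOTED.search(line)
    if m is None:
        return None, line  # ordinary entry, nothing to check
    name, suffix = m.group(1), m.group(2)
    if len(name) == NAME_LEN:
        return "ok", line
    status = "short" if len(name) < NAME_LEN else "long"
    base = name.rstrip()
    if len(base) > NAME_LEN:
        return status, None  # the name itself exceeds 15 characters
    fixed = '"%s\\0x%s"' % (base.ljust(NAME_LEN), suffix)
    return status, line[:m.start()] + fixed + line[m.end():]


def lint(text):
    """Return [(line_number, status, fixed_line)] for every bad entry."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        status, fixed = check_line(line)
        if status in ("short", "long"):
            findings.append((number, status, fixed))
    return findings


# Constructed sample; addresses and names are placeholders, not from the thread.
SAMPLE = "\n".join([
    "# constructed LMHOSTS sample",
    "192.0.2.10  DC-B01  #PRE #DOM:DOMAINB",
    '192.0.2.10  "DOMAINB \\0x1b"  #PRE',                  # 8 characters
    '192.0.2.20  "DOMAINA%s\\0x1b"  #PRE' % (" " * 12),    # 19 characters
    '192.0.2.30  "%s\\0x1b"  #PRE' % "DOMAINC".ljust(15),  # exactly 15
])

if __name__ == "__main__":
    for number, status, fixed in lint(SAMPLE):
        print("line %d: name too %s, padded form: %s" % (number, status, fixed))
```

    After correcting the file, the entries still have to be reloaded into the cache before nbtstat -c will list the 1b name.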
  9. Scratch that - after a reload I am getting auth boxes on both sides...
    Thanks for your help!!

    JD
     
    newsgroups.jd, Aug 4, 2006
    #9
  10. Cool, Glad to hear you got it working and thank you
    for the update. .. ;-)
     
    Michael Giorgio - MS MVP, Aug 7, 2006
    #10
  11. When you say that this should be handled by DNS - do you have a
    recommendation of how this should be set up?

    I would have assumed with the conditional forwarders that the LMHOST
    entries would not even be needed?

    JD
     
    newsgroups.jd, Aug 8, 2006
    #11
  12. The lmhosts entries are not conditional forwarders rather they are
    static entries preloaded into the cache which aid in NetBIOS name
    resolution. NetBIOS and DNS are two completely different animals.
    DNS uses domain name queries and FQDNs. You set up each DNS
    server from each domain to use each other for secondary DNS resolution
    which queries the other DNS servers for all queries to that particular
    domain.
     
    Michael Giorgio - MS MVP, Aug 8, 2006
    #12
  13. Yes, I was aware of this... what I meant was that in addition to the
    LMHost entries, I also set up conditional forwards within the DNS.
    Essentially, any traffic for *.domaina.local send the dns request to
    domaina's dns servers.

    My question is, do you have to use lmhost for this scenario, if you are
    going to use DNS, wouldn't the conditional forwards be enough?

    DNS and lmhost are completely separate, yes, but they both do name
    resolution of course, one for netbios, one for fqdn, however in the end
    they get you to the same place... so does netbios, lmhost, wins
    entries - even have to be used - couldn't you just use DNS, and if DNS
    could be the only thing used, would the conditional forwarders within
    DNS suffice?

    JD
     
    newsgroups.jd, Aug 18, 2006
    #13
  14. Well NetBIOS is eventually going to be phased out. You are
    supposed to be able to disable NetBIOS over tcp/ip in a pure
    W2k or higher domain but there are apps that rely on it for
    communication. They both get you to the same place as long as
    NetBIOS is enabled but it is for backwards compatibility.

    I am not huge on DNS but I would think the forwarders should
    work. Have you queried DNS for the remote domain using
    nslookup? Open a dos prompt and run nslookup www.remotedomain.local.

    Verify the DNS server is giving you the correct tcp/ip address
    for the domain.
     
    Michael Giorgio - MS MVP, Aug 18, 2006
    #14
  15. Yes - I was able to use nslookup correctly before ever adding the
    lmhost entries...
    kinda confusing this one... be nice if there was some logging.

    JD
     
    newsgroups.jd, Aug 21, 2006
    #15
  16. Hard to log something on the server if you can't get to it.
    The error is: path not found or network not available when
    attempting to browse or find the domain? They are two
    different animals. Browsing requires NetBIOS only and
    won't work with DNS.
     
    Michael Giorgio - MS MVP, Aug 21, 2006
    #16