
browsing domains across subnets/multi-homed isa

Status
Not open for further replies.

influent

Programmer
Jan 11, 2001
131
US
Okay, this is gonna be a long one, but whoever can solve this will be my hero forever. I have two domains called DomA and DomB. DomA is on subnet 192.168.2.x (SubA) and DomB is on subnet 10.0.0.x (SubB). I'm trying to set it up so that computers in DomB can see DomA in My Network Places; the reverse is already true. Right now each computer in DomB is multi-homed (single NIC), with one IP for DomA and one for DomB. Ultimately I'd like each computer in DomB to have only one IP, and have it be in the SubB range. DomB has an ISA server with three NICs, one with a public IP, one on DomA, and one on DomB. I would like all computers in DomB to be on a separate switch from DomA so that they all get routed through the ISA server in order to talk to DomA (I have that part working). DomB has two Win2k3 domain controllers, single-homed, one being the PDC and Master Browser. DomA has one Win2k DC and one Win2k3 DC, the latter being the PDC and MB. To confuse things even more, the ISA server in DomB wants to be the master browser on its SubA interface, according to nbtstat, even though its registry is set to FALSE for IsDomainMaster. Confused yet? There's more. I get a "not accessible" message when I try to view the shares on a computer in DomB from DomA in My Network Places, but only on the ones that are single-homed, even though I can ping them. Wow, if somebody can figure out my problem from what I just wrote, they deserve a raise.
 
Is the ISA server a DC on DomB? If so you have a problem.

Read subsection Backup And Potential Browser Issues

Because browser roles are determined by election, no server that can be a master browser can be multihomed.

Thus your ISA server, being a DC, can potentially be a master browser if the PDC goes offline.

Also, I assume you have established a trust between DomA and DomB and set up DNS forwarding between the DNS servers.

Paul

Work on Windows, play on Linux.
 
Nope, the ISA server is intentionally not a DC. There is no trust (security issues), but I did set up forwarding in DNS.
 
How about setting up RRAS on the ISA server to separate the 2 subnets?
 
Have you stopped Computer Browser service on the ISA server?

Paul

Work on Windows, play on Linux.
 
RRAS was set up right away on the ISA server for routing.

I tried stopping the Computer Browser service, but that didn't seem to help. It's possible that I had other settings set incorrectly at the time that I stopped the service.
 
Okay, right now I have the Computer Browser service disabled on the ISA server and I set the default gateway of SubA as the secondary gateway on both DCs in DomB. After doing that, the DCs can see that DomA exists in My Network Places, but can't browse it (path not found). Doing a NET VIEW /DOMAIN:DomA gives the same result.
 
This may help. Quoted from
VPN server is a Virtual Multihomed Server

After enabling RRAS on a DC with WINS and DNS server, you may have some Master Browser and/or WINS issues. The reason is that the VPN server is a Virtual Multihomed Server. The resolution is to disable NetBIOS Over TCP/IP on all interfaces, including RRAS interfaces, except the internal interface.


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at
 
I'm making progress... I added entries to the DNS in DomB that point to the DCs (i.e. master browsers) in DomA. They look like this:
DC1.DomB.com 192.168.2.245
DC2.DomB.com 192.168.2.244

So they use the DomB suffix even though they're in DomA. After doing that, I can now see DomA from DomB in My Network Places. I still can't find any computers in DomA when I double-click them, but I think that's another DNS issue that I can figure out.
 
Cannot quite see what you are trying to accomplish. I am very confused as you say there is no trust, but you wish to access resources across different domains. Without a trust relationship, is this possible? It is my understanding that it isn't, but more than happy to learn otherwise.
 
I got it all working! The last step was to go to the TCP/IP settings on each DNS server in DomB and add DomA as a secondary suffix to append on the DNS tab.

MasterofNone, without a trust, users accessing resources in DomA must authenticate as user@DomA.com; this is not a problem for my company. DomB is a development domain, and a lot of important files are in DomA, along with the Exchange server. I don't know that I have a really good reason to make users in DomB single-homed (the goal of this whole thing is to stop their logical multi-homedness while allowing them to see DomA), but I feel like I can eliminate some confusion ultimately, while speeding up traffic in DomB.
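
Added example, not part of the thread: a small Python model of the suffix search order that the last two fixes rely on (the DomB.com records for DomA's DCs, then DomA.com appended as a second suffix). The DomA.com zone contents, the FILESRV host and its address are constructed for illustration; the model covers single-label lookups only and is not how the Windows resolver is implemented.

```python
# Added illustration: models DNS suffix-search order for short names only.
# The two DomB.com records are the ones quoted in the thread; everything in
# DOMA_ZONE is constructed sample data.

DOMB_ZONE = {  # records hosted on the DomB DNS servers
    "dc1.domb.com": "192.168.2.245",
    "dc2.domb.com": "192.168.2.244",
}
DOMA_ZONE = {  # reached through the DNS forwarder; hosts are hypothetical
    "dc1.doma.com": "192.168.2.245",
    "filesrv.doma.com": "192.168.2.50",
}

def lookup(fqdn):
    """Answer from the local DomB zone first, then forward DomA.com names."""
    fqdn = fqdn.lower().rstrip(".")
    if fqdn in DOMB_ZONE:
        return DOMB_ZONE[fqdn]
    if fqdn.endswith(".doma.com"):
        return DOMA_ZONE.get(fqdn)
    return None

def resolve(name, suffixes):
    """Return (fqdn_that_answered, ip), or (None, None) if nothing answered.

    A single-label name is tried with each suffix in list order. The first
    answer wins, so a record under an earlier suffix shadows any host with
    the same label under a later suffix.
    """
    if "." in name:
        ip = lookup(name)
        return (name.lower(), ip) if ip else (None, None)
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}".lower()
        ip = lookup(fqdn)
        if ip:
            return fqdn, ip
    return None, None

BEFORE = ["DomB.com"]             # only the primary suffix
AFTER = ["DomB.com", "DomA.com"]  # DomA appended as a secondary suffix

if __name__ == "__main__":
    for label in ("DC1", "FILESRV"):
        print(label, "before:", resolve(label, BEFORE),
              "after:", resolve(label, AFTER))
```

Because the first matching suffix wins, any short name that exists under DomB.com is answered from DomB's zone even when a host with the same label exists in DomA, which is worth checking whenever records for one domain's servers are hand-added to another domain's zone.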
 