How does WINS deal with 2 different subnets?

[Dave Cox]

I have a single NT 4.0 domain with two offices. The main office seems
to work fine, but the branch office has certain peculiarities. The
two offices are connected by a pair of linux firewalls VPN'd together.
The following describes my network:

Main Office:
55 Win98se & WinXPpro workstations, dynamically addressed
Other WinNT 4.0 servers. 1 Win2003 member server
WinNT 4.0 BDC WINS server
192.100.0.0 Subnet
T1 Line w/ Linux Firewall

Branch:
244 Kbps DSL Line w/ Linux Firewall
192.100.2.0 Subnet
4 Win98se & WinXPpro workstations Statically addressed

I can Ping any device from any location. I can search for any
device by ipaddress from anywhere. I use a host file. Yet I get a
strange error when I try adding a domain user to a WinXP station in
the branch office. "The trust relationship between this workstation
and the primary domain failed." The workstation was communicationg to
the WINS server, but no response came back from it. I have been
reading in these groups, about the above error, but I'm reticent to do
what is requested (which is to remove the XP workstation from the
domain and re-add it.), since I would have to make a very long trip to
remedy the situation if it fails.

Other than that, communication seems to work just fine. Thanks
for any advice can you give.

Dave Cox

 

[Herb Martin]

I have a single NT 4.0 domain with two offices. The main office seems
to work fine, but the branch office has certain peculiarities. The
two offices are connected by a pair of linux firewalls VPN'd together.
The following describes my network:

You need to arrange to replicate all WINS servers so that they converge
on a SINGLE WINS DATABASE.

This means manually setting replication partners until you achieve complete,
and efficicient, replication.

Since WINS clients contact the WINS server by IP, only routability is the
technical requirement: A client and server may be separated by routers.

Efficiency may argue for a local WINS server however -- in that case you,
the
admin, are responsible for the replication configuration but that is quite
easy using
the GUI.

 

[Alan Wood [MSFT]]

Hi Dave,
When reviewing your structure I dont' see where the PDC is? I'm
assuming it's in the main office. First question I have is do the Systems
in the remote have have a WINS configuration to use the WINS server in the
main office. From the notes it does not appear there is WINS server in the
remote office, and this is OK as long as the clients know what WINS server
to use.

What has happened is the cleint has Lost it's Secure Channel with the DC.
In this case you can use NLTEST or NETDOM from the PDC or BDC to reset the
Secure with the workstation.

Here some articles on the tools:

216393 Resetting Computer Accounts in Windows 2000 and Windows XP
http://support.microsoft.com/?id=216393

175024 Resetting Domain Member Secure Channel
http://support.microsoft.com/?id=175024

HTH!



Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Dave Cox]

Herb,
I only have one WINS server located in the main office. Sorry I
didn't mention this. The branch office has no servers at all.
Dave

 

[Herb Martin]

Alan is correct on one thing: Where is your PDC?
I presumed that you just didn't mention it.

Also not that the main reason that people fail on NetBIOS WITH WINS,
is that they forget to make the SERVERS, including the DCs and even
the WINS Server itself, WINS clients.

If you don't make the servers into WINS clients, they never register
themselves and cannot be found by either clients or other servers.

The PDC (or equivalent in Win2000+) is special so it must definitely
be registered in WINS. Only WINS clients register themselves.

(Of course all the ordinary clients must be WINS clients too.)