Active Directory Controllers?

Matt

Here's what our network looks like:



FIREWALL 1:
Outside: 63.174.x.x network (OUTSIDE)
AD Controllers: 10.200.1.x network (DMZ)
Clients: 172.16.1.x network (INTERNAL)

FIREWALL 2:
Outside: 63.174.x.x network (OUTSIDE)
Clients: 10.200.1.x network (DMZ)

We are trying to get the clients from behind firewall2 to behind the
INTERNAL of firewall1. The issue is that right now they are able to
authenticate and all is happy. They go from firewall2 to firewall 1
across the outside interfaces and then through a map to the DMZ to get
to the AD controllers.

When I try to move the clients behind the INTERNAL on FIREWALL1 I get
'No domain controllers are available to service your login request'.
I have a hosts file in place for the two domain controllers and have a
map going across from 172.16.1.x to 10.200.1.x. I can ping the DCs.
If I'm on a machine NOT on the domain I can connect to the DCs via
filesharing and their 172.16.1.x map. However, if I try that same thing
with a machine on the domain behind the INTERNAL I get the 'no domain
controller' message.

Any ideas?
 
Paul McGuire

Sounds like you need to open the correct ports for AD authentication. Start
with pinging by name. If this works then DNS is working. DNS locates the
DC. I am not sure which other ports are used. You should be able to find a
KB article on this. If you can map a drive by IP then you at least know
NetBIOS is open. A quick port scan on the firewalls will tell you what you
have open and what is closed or stealth.

HTH

Paul McGuire
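
A TCP reachability check for the ports the reply above points at, as an added example that is not part of the original thread: it resolves a DC name, then reports each well-known AD port as open, closed or filtered (the "stealth" case). The port list and the placeholder host name dc1.example.test are assumptions, not values from the posts; UDP services and dynamic RPC ports are not checked.

```python
import socket

# Well-known TCP ports a domain member uses to reach a domain controller
# (assumed list, not taken from the thread). UDP and dynamic RPC are skipped.
AD_TCP_PORTS = {
    53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
    139: "NetBIOS session", 389: "LDAP", 445: "SMB",
    464: "Kerberos password change", 636: "LDAPS", 3268: "Global Catalog",
}


def resolve(name):
    """Return the IPv4 addresses a name resolves to, or [] on failure.

    A hosts-file entry satisfies this lookup, but domain members locate DCs
    through DNS SRV records, which a hosts file cannot supply.
    """
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (RST) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout or unreachable: typical of a firewall dropping packets
        return "filtered"


def check_dc(host, ports=AD_TCP_PORTS, timeout=2.0):
    """Probe every port in `ports` on `host`; return {port: (service, state)}."""
    return {p: (svc, probe(host, p, timeout)) for p, svc in sorted(ports.items())}


if __name__ == "__main__":
    dc = "dc1.example.test"  # placeholder name: replace with one of your DCs
    addrs = resolve(dc)
    if not addrs:
        print(f"{dc} does not resolve")
    for addr in addrs:
        for port, (svc, state) in check_dc(addr).items():
            print(f"{addr:15} {port:>5}/tcp {svc:26} {state}")
```

Run it from a client on each side of the firewall and compare the two outputs: a port that is open from one side and filtered from the other is being dropped by the firewall in between.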
 
Cary Shultz [A.D. MVP]

This might be the link to the paper that you need....as per Paul's
suggestion.

HTH,

Cary
 
Matt

Cary,
There was no link attached.

To answer the other person...
If I'm ON the domain I can not map a drive.... I get the 'no domain
controllers are available to validate your logon request' message.
If I'm OFF the domain I can map drives just fine...

Same IP setup.
 
Matt

uhhhhh
We’re sorry, we were unable to service your request. As an option, you
may visit any of the pages below for information about Microsoft
services and products.

:) try again?
 
Cary Shultz [A.D. MVP]

Matt,

Don't really understand your post.

Cary

Matt said:
uhhhhh
We’re sorry, we were unable to service your request. As an option, you
may visit any of the pages below for information about Microsoft
services and products.

:) try again?
 
Matt

Nice! I went to the URL earlier and got that error... now it's working..
Cary Shultz [A.D. MVP] wrote:

Oops,

Looks like I forgot something. Here it is:
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
HTH,

Cary


