Guest
Hi
I have 2 win2K-based forests
Between the 2 forests, I have a firewall allowing data from the 1st forest to go to the 2nd forest and blocking any data coming from the 2nd forest to the 1st forest EXCEPT if the data is a reply to a request established by the 1st forest.
I also established a two-way trust relationship between the 2 forests for users of the 1st forest to be able to access data through File Services located on a DC of the 2nd forest.
But when a user of the 1st forest tries to access data located on a server of the 2nd forest, here is the error message that comes up:
"There are currently no logon servers available to service the logon request."
I thought that during Kerberos authentication DC's did not need to send any request to the user's machine.
But apparently it must send a request because otherwise it would work.
1) So could someone tell me what that request could be that AD's (Ticket Granting Services) launch?
2) Could someone tell me the port I have to open from the 2nd forest to the 1st one for the authentication to work well?
3) And would someone know what ports are used to be able to display the Security Entry Label instead of the SID?
ex: instead of S-1-5-454564646-500, having "MY_DOMAIN\Administrator"
Thank you in advance for any help
Julien.