Connectivity problems between child member-server and root domain controllers

Tutorials Win: Microsoft Windows Forum

Hi Support

I have a forest with one root domain (root.local) and a child domain
(child.root.local) in a single AD forest.
The root domain and the child domain are seperated by a ISA server 2006
firewall.

I have open for communikation between all of the domains controller in the
root and the child domain.
All of the domain controllere in both domains are Global Catalog servere.

Everything is working fine, replication, DNS, GC without any errors.

The root domain controllers hosts the root DNS zone (root.local)
The child domain controllers hosts the child DNS zone (child.root.local)
I have forwarders on the child domain controllers
DNS works fine
Replication Works fine


My issue is:

When I am on a member server i the child domain and want to assign NTFS
permissions on a folder, the dialog boxes hangs for a long period of time.
(Could be any member server in the child domain)

I have looket at the ISA server logs and can see that this child member
sever tries to access the root domain controllere while it hangs. I first
to connect to the rootdcs using "PING", "Microsoft CIFS" and last "Session"

If i open PING and CIFS in the firewall between the child member server and
the root domain controllers it works fine, but i dont not want that
communikation to occur.
The communication must be so that the child member-servers only communicate
with the child domain controllers.

I have specific sites defined for the ROOT domain and the CHILD domain

Hope you have som good idears so we can this fixed

Best regards

Jesper vedholm
Systemtech A/S
Top

Re: Connectivity problems between child member-server and root domain controllers by Jesper

Jesper
Tue May 13 02:34:20 PDT 2008

Hi MS Support

Please respond to my issue

Thanks
Jesper

"Jesper Vedholm Hansen" <jvh@systemtech.dk> skrev i meddelelsen
news:B9C0F1F0-7872-495D-8153-2CB634673036@microsoft.com...
> Hi Support
>
> I have a forest with one root domain (root.local) and a child domain
> (child.root.local) in a single AD forest.
> The root domain and the child domain are seperated by a ISA server 2006
> firewall.
>
> I have open for communikation between all of the domains controller in the
> root and the child domain.
> All of the domain controllere in both domains are Global Catalog servere.
>
> Everything is working fine, replication, DNS, GC without any errors.
>
> The root domain controllers hosts the root DNS zone (root.local)
> The child domain controllers hosts the child DNS zone (child.root.local)
> I have forwarders on the child domain controllers
> DNS works fine
> Replication Works fine
>
>
> My issue is:
>
> When I am on a member server i the child domain and want to assign NTFS
> permissions on a folder, the dialog boxes hangs for a long period of time.
> (Could be any member server in the child domain)
>
> I have looket at the ISA server logs and can see that this child member
> sever tries to access the root domain controllere while it hangs. I first
> to connect to the rootdcs using "PING", "Microsoft CIFS" and last
> "Session"
>
> If i open PING and CIFS in the firewall between the child member server
> and the root domain controllers it works fine, but i dont not want that
> communikation to occur.
> The communication must be so that the child member-servers only
> communicate with the child domain controllers.
>
> I have specific sites defined for the ROOT domain and the CHILD domain
>
> Hope you have som good idears so we can this fixed
>
> Best regards
>
> Jesper vedholm
> Systemtech A/S
>
>
>
>
>
Top

Re: Connectivity problems between child member-server and root domain controllers by Jesper

Jesper
Mon Jun 16 10:48:35 PDT 2008

Hi Support

I never got any answer on this issue

Please take a look at it

Thanks

/Jesper

"Jesper Vedholm Hansen" <jvh@systemtech.dk> skrev i meddelelsen
news:B9C0F1F0-7872-495D-8153-2CB634673036@microsoft.com...
> Hi Support
>
> I have a forest with one root domain (root.local) and a child domain
> (child.root.local) in a single AD forest.
> The root domain and the child domain are seperated by a ISA server 2006
> firewall.
>
> I have open for communikation between all of the domains controller in the
> root and the child domain.
> All of the domain controllere in both domains are Global Catalog servere.
>
> Everything is working fine, replication, DNS, GC without any errors.
>
> The root domain controllers hosts the root DNS zone (root.local)
> The child domain controllers hosts the child DNS zone (child.root.local)
> I have forwarders on the child domain controllers
> DNS works fine
> Replication Works fine
>
>
> My issue is:
>
> When I am on a member server i the child domain and want to assign NTFS
> permissions on a folder, the dialog boxes hangs for a long period of time.
> (Could be any member server in the child domain)
>
> I have looket at the ISA server logs and can see that this child member
> sever tries to access the root domain controllere while it hangs. I first
> to connect to the rootdcs using "PING", "Microsoft CIFS" and last
> "Session"
>
> If i open PING and CIFS in the firewall between the child member server
> and the root domain controllers it works fine, but i dont not want that
> communikation to occur.
> The communication must be so that the child member-servers only
> communicate with the child domain controllers.
>
> I have specific sites defined for the ROOT domain and the CHILD domain
>
> Hope you have som good idears so we can this fixed
>
> Best regards
>
> Jesper vedholm
> Systemtech A/S
>
>
>
>
>
Top

Re: Connectivity problems between child member-server and root domain controllers by Paul

Paul
Tue Jun 17 05:56:14 PDT 2008

I think you can get by w/o icmp (ping) but as far as I know you will need to
open up port 445.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Jesper Vedholm Hansen" <jvh@systemtech.dk> wrote in message
news:B9C0F1F0-7872-495D-8153-2CB634673036@microsoft.com...
> Hi Support
>
> I have a forest with one root domain (root.local) and a child domain
> (child.root.local) in a single AD forest.
> The root domain and the child domain are seperated by a ISA server 2006
> firewall.
>
> I have open for communikation between all of the domains controller in the
> root and the child domain.
> All of the domain controllere in both domains are Global Catalog servere.
>
> Everything is working fine, replication, DNS, GC without any errors.
>
> The root domain controllers hosts the root DNS zone (root.local)
> The child domain controllers hosts the child DNS zone (child.root.local)
> I have forwarders on the child domain controllers
> DNS works fine
> Replication Works fine
>
>
> My issue is:
>
> When I am on a member server i the child domain and want to assign NTFS
> permissions on a folder, the dialog boxes hangs for a long period of time.
> (Could be any member server in the child domain)
>
> I have looket at the ISA server logs and can see that this child member
> sever tries to access the root domain controllere while it hangs. I first
> to connect to the rootdcs using "PING", "Microsoft CIFS" and last
> "Session"
>
> If i open PING and CIFS in the firewall between the child member server
> and the root domain controllers it works fine, but i dont not want that
> communikation to occur.
> The communication must be so that the child member-servers only
> communicate with the child domain controllers.
>
> I have specific sites defined for the ROOT domain and the CHILD domain
>
> Hope you have som good idears so we can this fixed
>
> Best regards
>
> Jesper vedholm
> Systemtech A/S
>
>
>
>
>


Top