Jim, here is a link to an MS KB article outlining the requirements for
domain traffic over a firewall. Open these ports on the firewall to pass
the domain traffic.
Here's what happens: a client comes up and broadcasts for an available DC.
This also happens over TCP/IP, even if TCP/IP is the only network protocol
installed. When the DC receives the broadcast, it will respond to the
client in kind. If the DC happens to reside on a different subnet than does
the client, then some help is needed. This is where WINS/LMHOSTS comes into
play. Not only do these services provide name resolution, but more
importantly, they point to the location of critical services on an MS
network. That's why the authentication process can be made to work with
these services, but most likely not without them as the broadcast DC request
will not cross a router by default. PING, on the other hand, does not have
this same limitation as it's not a broadcast.
BTW, PING has nothing to do with either DNS or WINS. DNS/WINS provides a
service (name resolution) for the PING process to use, but the client
"decides" which form of resolution to use first and then uses the other in
case the first service used fails.
Just make sure you open the proper netbios ports per this link, your clients
have the WINS settings and that your domain controllers are registered with
WINS, which happens automagically provided there is a WINS address(es) in
the TCP/IP properties on the DCs. Otherwise, as Scott Morris stated in a
previous reply, an entry in the LMHOSTS file will work so long as you
include the #PRE and #DOM tags with the appropriate address of the DC.
Of course, you could use the IP-helper address also as Scott stated.
http://support.microsoft.com/support/kb/articles/Q179/4/42.asp
Good luck!
---
Rik Guyler
,
This mail was processed by Mail essentials for Exchange/SMTP,
the email security & management gateway. Mail essentials adds
content checking, email encryption, anti spam, anti virus,
attachment compression, personalised auto responders, archiving
and more to your Microsoft Exchange Server or SMTP mail server.
For more information visit http://www.mailessentials.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
