|
Posted by Will on September 25, 2007, 7:41 pm
Please log in for more thread options > That's correct, I was just re-stating previous posts regardind to that
> resolution mechanism.
>
> Regarding to the Access is DENIED error, did you tried the KB that I
> provided you?
Maybe I'm thinking of the wrong one, but the KB you sent was for resetting
the password of a domain controller?
That sounds like a serious thing to do, potentially destabilizing, and why
would it be an appropriate step to take when it is the client that is
malforming a Kerberos request to use the DC? I'm willing to try it if
there is a reason to try it, but it seemed a bit random.
--
Will
>>> Network browsing is NetBIOS resolution dependent, that's by design, in
>>> different subnets you need WINS.
>>
>> We are not using Network Browsing, if by that you mean the use of Network
>> Neighborhood. When you turn off NetBIOS over TCP you lose that
>> capability entirely.
>>
>> We were issuing command line net view \DC4 which is a specific command
>> directed at specific hostname, resolvable through DNS.
>>
>> --
>> Will
>>
>>>>> Do you point your dc to a WINS server on its NIC configuration? It
>>>>> needs
>>>> to
>>>>> be on the same subnet as where you are attempting this test or be
>>>> registered
>>>>> with a WINS server.
>>>>
>>>> We haven't used WINs in seven years, and nearly every machine we have
>>>> is on
>>>> a different subnet. We turn off NetBIOS over TCP, and ports 137,
>>>> 138, and
>>>> 139 are dirty words in our office. :)
>>>>
>>>> In any case, I don't see any attempt by client to locate the server by
>>>> any
>>>> method other than DNS. The problem is the client is sending out a
>>>> Kerberos
>>>> request just for this one DC using some malformed Kerberos request and
>>>> getting back a rejection. All of that activity takes place between
>>>> client
>>>> and another DC on port 88 (from memory).
>>>>
>>>> Note that from my example, DC1, DC2, DC3, and DC4 are all on different
>>>> subnets than the client. Net View works to all DCs except DC4. So
>>>> subnetting is not the unique variable associated with the failure case.
>>>>
>>>> --
>>>> Will
>>
>>
>
>
| 
XML Sitemap