
I have a domain ABC.local in the DMZ and domain XYZ.local on our inside network (All Windows 2003 servers). The networks are linked through a PIX 525 firewall.

dmz----------------inside
[ABC]---[PIX]---[XYZ]

I created an external trust, but when I try to validate the trust on either side it gives me an error about no logon servers being available.

I opened firewall ports 135, 88, 389, 3268, 3269, 137-139, 445 between the DCs.

What else is missing? If DNS is involved, how/where are the necessary lines created?

2007-03-28 12:00:32 · 3 answers · asked by soulblazer28 2 in Computers & Internet Computer Networking

3 answers

You'll definitely need 53/UDP (DNS) open, for starters.

Once you're allowing DNS traffic between the DMZ and the internal network, you'll have to set up the DNS servers in each domain to allow zone transfers between one another (i.e. between domain ABC.local and XYZ.local): set up secondary zones in each domain for the other, trusted domain. If you have no idea how to do this, see here:

http://searchwinit.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid1_gci1101656,00.html

Now that we're done with that, you can set up the trust!

Oh, and for a list of ports needed by Windows Server for AD and such...see here:
http://support.microsoft.com/kb/179442/en-us

And I feel I need to say this....NEVER FORGET HOW IMPORTANT DNS IS TO ACTIVE DIRECTORY! Most of the AD problems I see are really DNS issues.

Good luck.

2007-03-28 21:12:28 · answer #1 · answered by makeda m 4 · 0 0
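
As an added example (not part of the answer above or any post on this page), this Python sketch checks the DNS step from one DC's side of the firewall: it sends the standard Active Directory DC locator SRV query for the other domain over UDP 53 and reports which part of the setup still needs work. The function names and the script name are hypothetical, and the DNS server address and domain are supplied by you.

```python
import socket
import struct
import sys

SRV, IN = 33, 1  # DNS record type SRV, class IN

def locator_name(domain):
    # Standard AD DC-locator record a server queries to find a DC in `domain`.
    return "_ldap._tcp.dc._msdcs." + domain

def build_srv_query(name, txid=0x1234):
    """Encode a one-question DNS query (recursion desired) for an SRV record."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", SRV, IN)

def classify_response(data, txid=0x1234):
    """Map a raw DNS reply (or None) to the setup step that still needs work."""
    if data is None:
        return "no reply: 53/UDP is not getting through the firewall"
    if len(data) < 12:
        return "malformed reply"
    rid, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or not a response
        return "malformed reply"
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN: server cannot resolve the other domain (secondary zone missing?)"
    if rcode != 0:
        return "DNS error, rcode=%d" % rcode
    if flags & 0x0200:                         # TC bit: answer did not fit in UDP
        return "truncated: the retry needs 53/TCP open as well"
    if ancount == 0:
        return "zone resolves but holds no DC locator SRV records"
    return "ok: %d SRV record(s)" % ancount

def probe(dns_server, domain, timeout=3.0):
    """Send the locator query to dns_server over UDP 53 and classify the reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_srv_query(locator_name(domain)), (dns_server, 53))
        data = sock.recvfrom(4096)[0]
    except OSError:                            # timeout or ICMP unreachable
        data = None
    finally:
        sock.close()
    return classify_response(data)

if __name__ == "__main__":
    # Usage (arguments are yours to supply): python probe.py <dns-server-ip> <domain>
    print(probe(sys.argv[1], sys.argv[2]))
```

Run it on each DC against its own DNS server with the other domain's name; both directions should report `ok` before validating the trust.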

hi

2007-04-01 10:55:17 · answer #2 · answered by FireStone 2 · 0 0

For it you need an SSL certificate. You can contact an SSL certificate provider at http://www.urlstate.com

2007-03-29 00:11:04 · answer #3 · answered by Anonymous · 0 2
