Trust Issues, Please Help (VPN)

Hi, I'm having some difficulties getting users from a different location to
access files on one of our Servers. Here is the situations:

Server1 = Windows 2000 Server
Server2 = Windows 2003 Server

(VPN here)

Server3 = Windows 2000 Server

Server1 & Server2 are both domain controllers at location "A". Same Domain
name. Server2 was brought up as a replica to Server1, and then the Roles
were moved to it. Server3 is also a Domain controller (different Domain
name) at location "B" and communicates with our location "A" servers via a
VPN (firewall configured)

Users from Server1 & Server2 (same users since same domain) can access
shares on Server3 without any problems.

Users from Server3 can access shares on Server1 without any problems, but
cannot access shares on Server2. They are not even prompt to logon or
anything.

This issue is driving me a little insane, as I plan on removing Server1...
but if I do that, then I've lost my only communication path for Server3 to
our "A" location.

Please help.

Thanks,
Sam

Please review your post. While you tell us "Server3 is a differnet domain
name" then how can "users from Server1 & Server2 (same users since same
domain) can access shares on Server3 without any problems."?

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

Hi Todd,

Thanks for the reply. What I wrote is correct, but may not be clear though.

The three servers all servers have some shared folders.

All users from Server1 and Server2 (both domain controllers on same Domain
name at Location "A") can access the shared folders on Server3 at Location
"B" (which is a different Domain name).

Users from Server3 at Location "B" can access shares on Server1 (at location
A), but cannot access shares on Server2 (this is the Windows2003 Server).

Server1 and Server2 are on a 192.168.0.X network, and Server3 is on a
192.168.5.X network.

Hope that clarifies the configuration a little.

Thanks again.




"Todd J Heron" <> wrote in message
news:%...
> Please review your post. While you tell us "Server3 is a differnet domain
> name" then how can "users from Server1 & Server2 (same users since same
> domain) can access shares on Server3 without any problems."?
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>

I guess to answer your question.... Two-Way Trusts are allowing Users from
each domain to access shared folders on the other domain. I've tried to
verify and/or recreate the Trusts between the domains, but it doesn't let me
(however, the Trust between the two domains is still in place??)

Anyway, over my head... which is why I'm asking for some help here.

Thanks,
Sam





"Sam Manzella" <> wrote in message
news:...
> Hi Todd,
>
> Thanks for the reply. What I wrote is correct, but may not be clear
> though.
>
> The three servers all servers have some shared folders.
>
> All users from Server1 and Server2 (both domain controllers on same Domain
> name at Location "A") can access the shared folders on Server3 at Location
> "B" (which is a different Domain name).
>
> Users from Server3 at Location "B" can access shares on Server1 (at
> location A), but cannot access shares on Server2 (this is the Windows2003
> Server).
>
> Server1 and Server2 are on a 192.168.0.X network, and Server3 is on a
> 192.168.5.X network.
>
> Hope that clarifies the configuration a little.
>
> Thanks again.
>
>
>
>
> "Todd J Heron" <> wrote in message
> news:%...
>> Please review your post. While you tell us "Server3 is a differnet domain
>> name" then how can "users from Server1 & Server2 (same users since same
>> domain) can access shares on Server3 without any problems."?
>>
>> --
>> Todd J Heron, MCSE
>> Windows Server 2003/2000/NT; CCA
>> ----------------------------------------------------------------------------
>> This posting is provided "as is" with no warranties and confers no rights
>>
>
>

Your trusts are working fine based on your description. Guessing here now,
but it may be an SMB-signing issue on the 2003 server. You may need to
relax the security a little bit to allow access.

On the server, open up Group Policy snap-in and browse to:

Security Settings\Local Policies\Security Options

Disable the following settings:

Microsoft network server: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (always)

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

Thanks Todd. I just disabled both those settings from:

"Default Domain Controller Security Settings" and "Default Domain Security
Settings"

I logged off and logged back on (Server2).

At that point, I asked a user from Location B to access the share (I sent
them a link to a shared folder on Server2), but it still didn't work. I had
that user Logoff and log back on to make sure, but still no luck.

The user gets an error that says "Cannot find file (sharename). Make sure
path or internet address is correct" << wording may not be exact, but it's
along those lines.

I also included a link to a share on Server1, and as before, that worked
fine.

???????








"Todd J Heron" <> wrote in message
news:%...
> Your trusts are working fine based on your description. Guessing here
> now,
> but it may be an SMB-signing issue on the 2003 server. You may need to
> relax the security a little bit to allow access.
>
> On the server, open up Group Policy snap-in and browse to:
>
> Security Settings\Local Policies\Security Options
>
> Disable the following settings:
>
> Microsoft network server: Digitally sign communications (always)
> Microsoft network client: Digitally sign communications (always)
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>