Re: [FW-1] UNSUBSCRIBE



No, your subscription is forever! :-(

**********************************
Roman Zeltser,
@National Computer Center,
RSIS & DNE



-----Original Message-----
From: Sharma, Pankaj [mailto:[email protected]]
Sent: Wednesday, May 22, 2002 3:37 PM
To: [email protected]
Subject: Re: [FW-1] Win2K Domain Thru FW-1 VPN v3.0b Failure


Please unsubscribe. Thanks.

-----Original Message-----
From: Chris McFarling [mailto:[email protected]]
Sent: Wednesday, May 22, 2002 3:07 PM
To: [email protected]
Subject: [FW-1] Win2K Domain Thru FW-1 VPN v3.0b Failure


[DC_A]  domain controller for mydomain.com
     |
     |
int_interface
[FireWall_A]
ext_interface
     |
     |
internet
     |
     |
ext_interface
[FireWall_B]
int_interface
     |
     |
[DC_B]  domain controller for myotherdomain.com

I'm trying to set up a Win2K domain forest consisting of 2 domain trees.
Both domains are behind FW-1 v3.0b (base, no build#). A VPN tunnel is in
place between both firewalls utilizing SKIP. The domain 'mydomain.com' is
the root domain of the forest. I want to add 'myotherdomain.com' to this
forest through the VPN. Both internal networks are using non-routable IP
addresses. Communication between both internal nets is functioning
properly--I can ping back-n-forth and mount shares from either side. When I
try to add myotherdomain.com to the domain forest by running dcpromo, the
process gets to the point of creating a trust relationship between the two
domains and then fails with the error "The remote procedure call failed and
did not execute." I ran a trace on both machines during the domain joining
process and found that at a certain point DC_B sends an RPC Request to DC_A
but it never reaches its destination. There is nothing in either FW-1 log to
indicate that a problem has occurred. Both firewalls have "Enable RPC
Control" checked. I also edited fwui_head.def to uncomment the line " /*
#define RPC_OVER_TCP */ ". Microsoft has an RPC ping utility for testing RPC
connectivity. I ran this between the two domain controllers and had no
problems. This seems to definitely be related to some sort of RPC issue with
FW-1 though. FYI, I tried joining the two domains together when they were
both on the same subnet, basically removing FW-1 from the equation, and it
completed successfully.
I know this is an old version of FW-1 and that that might be the whole
problem altogether. However, if something else is happening here, I'd love
to figure it out.

I've included links to the network captures below. These captures depict a
particular TCP session between these two machines that fails. Everything
goes as it should until DC_B sends packet #1908, an RPC Request, to DC_A.
That packet never reaches DC_A (it should have been #1487 on DC_A's capture)
which causes DC_A to eventually send a RST. What would cause this packet to
disappear like that?

http://www.crl.aps.vertisinc.com/temp1/DC_A.txt
http://www.crl.aps.vertisinc.com/temp1/DC_B.txt

--
Chris McFarling

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
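
Added example, not part of the original thread: the two-capture comparison described in the question, done by matching TCP segments on address, port, sequence number and payload length, since frame numbers differ between captures. The addresses, ports, sequence numbers and frame numbers are constructed sample data, and the matching assumes the firewalls neither NAT the tunnelled traffic nor rewrite sequence numbers.

```python
from collections import Counter

# Constructed sample data: addresses, ports, sequence numbers and frame
# numbers are illustrative, not taken from the linked captures.
DC_A, DC_B = "10.1.0.10", "10.2.0.10"

def pkt(frame, src, dst, sport, dport, seq, length, note=""):
    return {"frame": frame, "src": src, "dst": dst, "sport": sport,
            "dport": dport, "seq": seq, "len": length, "note": note}

DC_B_CAPTURE = [
    pkt(1906, DC_B, DC_A, 1055, 1026, 1000, 72, "RPC Bind"),
    pkt(1907, DC_A, DC_B, 1026, 1055, 5000, 60, "RPC Bind Ack"),
    pkt(1908, DC_B, DC_A, 1055, 1026, 1072, 1460, "RPC Request"),
    pkt(1912, DC_B, DC_A, 1055, 1026, 1072, 1460, "retransmission"),
    pkt(1915, DC_A, DC_B, 1026, 1055, 5060, 0, "RST"),
]
DC_A_CAPTURE = [
    pkt(1485, DC_B, DC_A, 1055, 1026, 1000, 72, "RPC Bind"),
    pkt(1486, DC_A, DC_B, 1026, 1055, 5000, 60, "RPC Bind Ack"),
    pkt(1490, DC_A, DC_B, 1026, 1055, 5060, 0, "RST"),
]

def segment_key(p):
    # Frame numbers differ per capture; the 4-tuple plus sequence number and
    # payload length identify the same segment on both sides. Assumes the
    # firewalls neither NAT the tunnelled traffic nor rewrite sequence numbers.
    return (p["src"], p["dst"], p["sport"], p["dport"], p["seq"], p["len"])

def lost_in_transit(sender_capture, receiver_capture, sender_ip):
    """Segments sender_ip transmitted that the far-side capture never recorded."""
    arrived = Counter(segment_key(p) for p in receiver_capture
                      if p["src"] == sender_ip)
    lost = []
    for p in sender_capture:
        if p["src"] != sender_ip:
            continue
        key = segment_key(p)
        if arrived[key] > 0:
            arrived[key] -= 1      # one arrival accounts for one transmission
        else:
            lost.append(p)         # sent, but never seen on the other side
    return lost

if __name__ == "__main__":
    for p in lost_in_transit(DC_B_CAPTURE, DC_A_CAPTURE, DC_B):
        print(f"frame {p['frame']}: seq={p['seq']} len={p['len']} {p['note']}")
```
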

   All contents © 2004 Network Presence, LLC. All rights reserved.