Re: [FW-1] UNSUBSCRIBE
No, your subscription is forever! :-(

**********************************
Roman Zeltser, @National Computer Center, RSIS & DNE

-----Original Message-----
From: Sharma, Pankaj [mailto:[email protected]]
Sent: Wednesday, May 22, 2002 3:37 PM
To: [email protected]
Subject: Re: [FW-1] Win2K Domain Thru FW-1 VPN v3.0b Failure

Please unsubscribe.

Thanks.

-----Original Message-----
From: Chris McFarling [mailto:[email protected]]
Sent: Wednesday, May 22, 2002 3:07 PM
To: [email protected]
Subject: [FW-1] Win2K Domain Thru FW-1 VPN v3.0b Failure

[DC_A] domain controller for mydomain.com
   |
   |
int_interface
[FireWall_A]
ext_interface
   |
   |
internet
   |
   |
ext_interface
[FireWall_B]
int_interface
   |
   |
[DC_B] domain controller for myotherdomain.com

I'm trying to set up a Win2K domain forest consisting of 2 domain trees. Both domains are behind FW-1 v3.0b (base, no build#). A VPN tunnel is in place between both firewalls utilizing SKIP. The domain 'mydomain.com' is the root domain of the forest. I want to add 'myotherdomain.com' to this forest through the VPN. Both internal networks are using non-routable IP addresses. Communication between both internal nets is functioning properly--I can ping back-n-forth and mount shares from either side.

When I try to add myotherdomain.com to the domain forest by running dcpromo, the process gets to the point of creating a trust relationship between the two domains and then fails with the error "The remote procedure call failed and did not execute." I ran a trace on both machines during the domain joining process and found that at a certain point DC_B sends an RPC Request to DC_A but it never reaches its destination.

There is nothing in either FW-1 log to indicate that a problem has occurred. Both firewalls have "Enable RPC Control" checked. I also edited fwui_head.def to uncomment the line " /* #define RPC_OVER_TCP */ ". Microsoft has an RPC ping utility for testing RPC connectivity.
I ran this between the two domain controllers and had no problems. This seems to definitely be related to some sort of RPC issue with FW-1 though. FYI, I tried joining the two domains together when they were both on the same subnet, basically removing FW-1 from the equation, and it completed successfully.

I know this is an old version of FW-1 and that that might be the whole problem altogether. However, if something else is happening here, I'd love to figure it out.

I've included links to the network captures below. These captures depict a particular TCP session between these two machines that fails. Everything goes as it should until DC_B sends packet #1908, an RPC Request, to DC_A. That packet never reaches DC_A (it should have been #1487 on DC_A's capture) which causes DC_A to eventually send a RST. What would cause this packet to disappear like that?

http://www.crl.aps.vertisinc.com/temp1/DC_A.txt
http://www.crl.aps.vertisinc.com/temp1/DC_B.txt

--
Chris McFarling

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
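Added example, not part of the original thread and not taken from the linked captures: frame numbers differ between two sniffer traces of the same session (the post's #1908 on DC_B versus #1487 on DC_A), so a segment dropped in transit is found by matching on TCP flow, sequence number and payload length instead. The record layout, addresses, ports and sequence numbers are constructed, and the sketch assumes nothing on the path re-segments the stream.

```python
from collections import defaultdict, namedtuple

# One TCP segment as seen by the sniffer on one host (hypothetical layout).
Seg = namedtuple("Seg", "frame src dst sport dport seq length")

A, B = "10.1.0.5", "10.2.0.5"   # constructed addresses standing in for DC_A and DC_B

# Constructed sample data. Frame numbers are local to each capture.
DC_B_CAPTURE = [
    Seg(1906, B, A, 1043, 1026, 5000, 72),
    Seg(1907, A, B, 1026, 1043, 9000, 60),
    Seg(1908, B, A, 1043, 1026, 5072, 1460),   # request that never arrives
    Seg(1915, B, A, 1043, 1026, 5072, 1460),   # retransmission of the same bytes
]
DC_A_CAPTURE = [
    Seg(1485, B, A, 1043, 1026, 5000, 72),
    Seg(1486, A, B, 1026, 1043, 9000, 60),
    Seg(1490, A, B, 1026, 1043, 9060, 0),      # RST once DC_A gives up waiting
]


def segment_key(seg):
    """Fields that identify a segment on both sides of the path."""
    return (seg.src, seg.dst, seg.sport, seg.dport, seg.seq, seg.length)


def find_missing(sender_capture, receiver_capture, sender_ip):
    """Data segments sender_ip transmitted that the receiver never captured.

    Retransmissions share a key, so a segment is reported once, with every
    sender-side frame number that carried it.
    """
    arrived = {segment_key(s) for s in receiver_capture if s.src == sender_ip}
    sent = defaultdict(list)
    for s in sender_capture:
        if s.src == sender_ip and s.length > 0:   # bare ACK/RST carry no data to match
            sent[segment_key(s)].append(s.frame)
    return [
        {"seq": key[4], "length": key[5], "sender_frames": frames}
        for key, frames in sorted(sent.items(), key=lambda kv: kv[1][0])
        if key not in arrived
    ]


if __name__ == "__main__":
    for lost in find_missing(DC_B_CAPTURE, DC_A_CAPTURE, B):
        print("sent but never received:", lost)
```

A segment that is lost on every retransmission while smaller ones in the same session pass points at a device on the path (here the firewalls or the VPN tunnel) and not at either host.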