[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Win2K Domain Thru FW-1 VPN v3.0b Failure
Hi David, Who can you I get in touch with about providing my services as a Contractor? Thanks --- David Gillett <[email protected]> wrote: > Why would/should I unsubscribe? I like being on > this list, and I read the > messages -- sometimes, all the way to the end. > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > > [mailto:[email protected]]On > Behalf Of > > Sharma, Pankaj > > Sent: Wednesday, May 22, 2002 12:37 PM > > To: [email protected] > > Subject: Re: [FW-1] Win2K Domain Thru FW-1 VPN > v3.0b Failure > > > > > > Please unsubscribe. Thanks. > > > > -----Original Message----- > > From: Chris McFarling > [mailto:[email protected]] > > Sent: Wednesday, May 22, 2002 3:07 PM > > To: [email protected] > > Subject: [FW-1] Win2K Domain Thru FW-1 VPN v3.0b > Failure > > > > > > [DC_A] domain controller for mydomain.com > > | > > | > > int_interface > > [FireWall_A] > > ext_interface > > | > > | > > internet > > | > > | > > ext_interface > > [FireWall_B] > > int_interface > > | > > | > > [DC_B] domain controller for myotherdomain.com > > > > I'm trying to set up a Win2K domain forest > consisting of 2 > > domain trees. > > Both domains are behind FW-1 v3.0b (base, no > build#). A VPN > > tunnel is in > > place between both firewalls utilizing SKIP. The > domain > > 'mydomain.com' is > > the root domain of the forest. I want to add > > 'myotherdomain.com' to this > > forest through the VPN. Both internal networks are > using > > non-routable IP > > addresses. Communication between both internal > nets is functioning > > properly--I can ping back-n-forth and mount shares > from > > either side. When I > > try to add myotherdomain.com to the domain forest > by running > > dcpromo, the > > process gets to the point of creating a trust > relationship > > between the two > > domains and then fails with the error "The remote > procedure > > call failed and > > did not execute." I ran a trace on both machines > durring the > > domain joining > > process and found that at a certain point DC_B > sends an RPC > > Request to DC_A > > but it never reaches its destination. There is > nothing in > > either FW-1 log to > > indicate that a problem has occurred. Both > firewalls have "Enable RPC > > Control" checked. I also edited fwui_head.def to > uncomment > > the line " /* > > #define RPC_OVER_TCP */ ". Microsoft has an RPC > ping utility > > for testing RPC > > connectivity. I ran this between the two domain > controllers and had no > > problems. This seems to definitely be related to > some sort of > > RPC issue with > > FW-1 though. FYI, I tried joining the two domains > together > > when they were > > both on the same subnet, basically removing FW-1 > from the > > equation, and it > > completed successfully. > > I know this is an old version of FW-1 and that > that might be the whole > > problem alltogether. However, if something else is > happening > > here, I'd love > > to figure it out. > > > > I've inculed links to the network captures below. > These > > captures depict a > > particular TCP session between these two machines > that fails. > > Everything > > goes as it should until DC_B sends packet #1908, > an RPC > > Request, to DC_A. > > That packet never reaches DC_A (it should have > been #1487 on > > DC_A's capture) > > which causes DC_A to eventually send a RST. What > would cause > > this packet to > > disappear like that? > > > > http://www.crl.aps.vertisinc.com/temp1/DC_A.txt > > http://www.crl.aps.vertisinc.com/temp1/DC_B.txt > > > > -- > > Chris McFarling > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|