Windows 2k domain / networking issue

[Chuck]

Hi,

I've got two servers on a domain which for various reasons are on a DMZ (packets need to go through the firewall to get to the PDC/BDC).

For some reason every so often (about 4 monthly intervals) one of them will seem to drop off the domain. When the other server on the same subnet tries to make a TCP connection it doesn't seem to get connected (ends up in the TIME_WAIT state).

Moving the server back onto the same subnet as the PDC, re-adding it to the domain, and then moving it back to the DMZ seems to fix the problem, but does anyone know why this is happening in the first place? I allow all Net Bios stuff though the firewall in both directions. And I don't see anything except broadcast traffic being blocked.

The other bizzare thing is that I can't add the server to the domain when in the DMZ. It almost immediately returns an error saying that there is no DNS servers (which is odd because I don't use DNS - just wins - which are all entered correctly, and allowed through the firewall).

Any help in this matter would be greatly apreciated.

Thanks

 

[spyordie007]

The other bizzare thing is that I can't add the server to the domain when in the DMZ. It almost immediately returns an error saying that there is no DNS servers (which is odd because I don't use DNS - just wins - which are all entered correctly, and allowed through the firewall).

This is probably why, you do use DNS because you use Active Directory which is built upon DNS. Allowing the DNS lookups across the networks may very well solve your problem.

-Spy

 

[Chuck]

Sorry I think my subject has confused my question. Its an NT4 domain with these two win 2k servers. So no AD. Should have read 'Windows 2k - domain / networking issue' I guess.

 

[SoulAssassin]

What SP are you running on the DC's? I vaguely remember a similar problem we had a while back that was related to a problem in SP4. I've also seen problems where network connectivity problems can cause computer accounts to become locked. M$ was unable to provide a fix to that and said 'fix your network'. I'd check your firewall to see if there were any problems around the same time. Hard one to troubleshoot, good luck.

 

[Chuck]

SP6. Part of the reason I say that it seems to have 'fallen off the network' is that when i logged into the server in question it didn't say 'you have x days left until your password expires' which it should have said.

Does anyone have any good documentation about exactly what ports windows needs to communicate through in a situation like this (servers on different subnets). It doesn't help that I don't really understand how it works out what the DC IP address is (it doesn't ever seem to use WINS).

If I do a nbtstat -a <DOMAIN NAME> that fails. Which it shouldn't I think.