Hello,
Long time reader, first post :)
Environment:
Windows Server 2008, which serves as DC and DNS server. This server is placed in the perimeter network (DMZ).
Windows Server 2003, which serves as DC and DNS server. This server is placed in the internal network (LAN).
So I have successfully created a one-way trust between the domain controllers: DMZ trusts LAN. I want my internal users to access resources in the perimeter. I can add internal users to domain local groups in the DMZ domain, no problem.
Example of the problem: I add the group (with my internal user) to the local Administrators group on a member server of the DMZ domain. This should allow me to log on remotely to that DMZ server with the internal user. Instead I get an error (failed to log in...).
I check the firewall logs, and the DMZ member server tries to contact my internal DC on port 389 and gets denied. I guess this is wrong? Should it not go through my external DC and gain access that way around?
Firewall configuration:
Source "DMZ DC" Destination "LAN DC"
open for:
tcp/udp 389
tcp/udp 88
tcp 1025
tcp 135
tcp 3268
tcp 445
Thanks for any help, I've been stuck here for a while now :(
/Splint
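As an added illustration (not code from the post above), the following models the firewall rule set listed in the post as data and checks which flows it permits; the host names are labels for the roles in the post, not real hosts, and the sample flows are constructed. It shows that the listed rules only have "DMZ DC" as source, so the member-server-to-LAN-DC flow seen in the log matches no rule.

```python
# Added example, not from the original post: model the listed firewall rules
# and check observed flows against them. Host names are role labels only.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    port: int


def expand(src: str, dst: str, spec: list[str]) -> set[Rule]:
    """Expand entries such as 'tcp/udp 389' into one Rule per protocol."""
    rules: set[Rule] = set()
    for entry in spec:
        protos, port = entry.split()
        for proto in protos.split("/"):
            rules.add(Rule(src, dst, proto, int(port)))
    return rules


# The rule set exactly as listed in the post: source "DMZ DC", destination "LAN DC".
FIREWALL = expand("DMZ DC", "LAN DC", [
    "tcp/udp 389", "tcp/udp 88", "tcp 1025", "tcp 135", "tcp 3268", "tcp 445",
])


def is_allowed(rules: set[Rule], src: str, dst: str, proto: str, port: int) -> bool:
    """True if an exact (src, dst, proto, port) rule exists."""
    return Rule(src, dst, proto, port) in rules


def check_flows(rules: set[Rule], flows: list[tuple]) -> dict:
    """Map each (src, dst, proto, port) flow to 'allow' or 'deny'."""
    return {f: ("allow" if is_allowed(rules, *f) else "deny") for f in flows}


# Constructed sample flows: the DC-to-DC LDAP query the rules cover, and the
# member-server-to-LAN-DC attempts on LDAP and Kerberos ports as seen in the log.
SAMPLE_FLOWS = [
    ("DMZ DC", "LAN DC", "tcp", 389),
    ("DMZ member server", "LAN DC", "tcp", 389),
    ("DMZ member server", "LAN DC", "tcp", 88),
]

if __name__ == "__main__":
    for flow, verdict in check_flows(FIREWALL, SAMPLE_FLOWS).items():
        print(f"{flow[0]} -> {flow[1]} {flow[2]}/{flow[3]}: {verdict}")
```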