Split network and can't access resources


  • Friday, June 15, 2012 7:49 AM
     
     

    Hi all

    I am working at a school and have a strange problem which I have lost all my brain knowledge over now.

    Brief setup

    Site 1 - Admin - 10.12.106.0 - 255.255.255.0
                  Curriculum - 10.12.108.0 - 255.255.255.0

    Site 2 - 10.13.156.0 - 255.255.252.0

    The way this is set up is: admin should be able to access the curriculum network, but curriculum can't access the admin network. I can ping both networks and I can RDP to both networks from my admin machine. But before, when I used to browse from the admin machine to a share in curriculum, I was in instantly; now I get access is denied and have to log in. It seems it's not authenticating using the admin details. Same for printers: they are all on the 108 subnet but 106 can't access them. Can someone tell me what to look for? I am losing hair over this now. Thanks in advance.

    We have had a new internet service provider recently and they have replaced the firewall. They say everything is fine from their side, the ports are open. As I said, I can RDP across both sites but just can't seem to access resources. Not sure if it's a DNS issue or still a firewall issue.

All Replies

  • Friday, June 15, 2012 1:51 PM
     
     

    Are these all part of the same domain?  When there is a firewall in between domain subnets, for authentication to work, the accessed machine must be able to connect to a domain controller.  Here is a link to the ports required by AD via a firewall: http://support.microsoft.com/kb/179442

    Note that the RPC ports are dynamic by default (the same with Exchange), so to make this work through a firewall, you must define (or restrict) which ports to use, here is the article on how to do that:  http://support.microsoft.com/kb/224196

    Check with your ISP and make sure these are open in the new firewall, they may have opened the ports for RDP and are allowing ICMP, but did not open NBT, SMB, DNS, LDAP, etc...

  • Friday, June 15, 2012 4:10 PM
     
     

    Hello

    Try telnet from 10.12.106.0 to 10.12.108.0 on ports 53, 389, 139, 138, 3268, 445.

    If it goes well, then there is the least chance that the issue is from the firewall.

    Also try recalling any immediate infrastructure change/upgrade.


    Hope it helps

    Best regards
    Sarang Tinguria
    MCP, MCSA, MCTS

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
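The port check suggested in the reply above, as an added PowerShell example that is not part of the original thread. The target address is a constructed placeholder for a curriculum-side server or domain controller, and `Test-TcpPort` is a helper name made up for this example. It separates a timeout (consistent with a firewall silently dropping packets) from a refused connection (the host answered, so the path is open but nothing is listening).

```powershell
# Added example, not from the thread. Run from a machine on the admin subnet.
param(
    [string]$Target    = '10.12.108.10',  # constructed placeholder host on 10.12.108.0/24
    [int]   $TimeoutMs = 2000
)

# TCP ports named in the reply. Port 138 is left out on purpose: the NetBIOS
# datagram service uses UDP, so a TCP connect (or telnet) cannot test it.
$checks = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 139;  Service = 'NetBIOS session' },
    @{ Port = 445;  Service = 'SMB' },
    @{ Port = 3268; Service = 'Global Catalog' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No SYN/ACK and no RST within the timeout.
            return 'Timeout (possibly filtered)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    } catch {
        # The host replied but rejected the connection.
        return 'Refused'
    } finally {
        $client.Close()
    }
}

foreach ($c in $checks) {
    $state = Test-TcpPort -HostName $Target -Port $c.Port -TimeoutMs $TimeoutMs
    New-Object PSObject -Property @{
        Port    = $c.Port
        Service = $c.Service
        State   = $state
    } | Select-Object Port, Service, State
}
```

Ports 3268 and 389 only answer on a domain controller (3268 only on a global catalog), so point the script at the DC the file server authenticates against as well as at the file server itself.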

  • Monday, June 18, 2012 7:24 AM
    Moderator
     
     

    Hi,

    Thanks for posting here.

    What about the topology? The newly replaced firewall: does this device act as a router and connect to both the admin and curriculum subnets?

    Were we still able to access these resources after inputting the proper credentials (domain admin)?

    Thanks.

    Tiger Li


    TechNet Community Support

  • Tuesday, July 10, 2012 9:02 AM
     
     

    Hi all, sorry for the delay.

    It turned out the firewall wasn't properly configured.

    It is now reconfigured and it's working OK again.

    Many thanks for your help.