Accessing DFS namespace from another domain (crossdomain) on Windows Server 2008
You will need a trust between domains unless you are happy to provide alternate credentials when prompted. If you have the same username and password in both domains, it might authenticate using NTLM even without trust.
Port 445 is whats used for DFS. I'd take a network trace on client side to see how far you get. See https://docs.microsoft.com/en-us/archive/blogs/josebda/understanding-windows-server-2008-dfs-n-by-analyzing-network-traces for more details of deciphering the network trace.
Related videos on Youtube
46 : 44
21 : 58
08 : 29
01 : 29
17 : 31
LPE
Updated on September 18, 2022Comments
-
LPE almost 2 years
Our setup right now is 1 "main" machine and two webservers. The main machine have a DFS namespace called 'foo' which both the webservers uses as their webroot directory.
This works like a charm if I type \mainserver\foo on a machine in the same domain, but unfortunately our developers are joined to a different domain and so they get a "Windows cannot access \mainserver\foo, make sure your spelling are correct".
Is there any way around this? Maybe adding trust between the two domains or something?
Everything is set up using Windows Server 2008 Standard and the clients are all Windows 7.
Regards
-
joeqwerty almost 13 yearsThis sounds like a name resolution problem to me. Can the developers resolve the name mainserver? What happens when they ping the name mainserver? -
LPE almost 13 yearsNot just by trying to look up 'mainserver', but they can with 'mainserver.domain.company.com', ie. the complete name. But they can not open the folder even if they type \\mainserver.domain.company.com\foo
-
joeqwerty almost 13 yearsI'm a little confused, do they have name resolution for mainserver.domain.company.com? If so, does it resolve correctly? Any firewalls between them and the server?
-
LPE almost 13 yearsyes, they have the correct resolution when they look up mainserver.domain.company.com, and yeah there's a firewall, should something specific about just DFS be opened? Right now there's only the active directory magic ports opened along with a few others
-
-
LPE almost 13 yearsWe are very happy with providing credentials, so that's not a problem. and we do have access too \\mainserver.domain.company.com\c$ after entering the credentials, but not the namespace. ie. \\mainserver.domain.company.com\foo, but I'll try to open up port 445 and see if that makes any difference.
-
maweeras almost 13 yearsIf you can access C$ that proves 445 is open. I would still look at that network trace.
