Thread: Unable to join SBS AD N5200RouStor

  1. #1
    Registered User
    Join Date
    Nov 2007
    Posts
    1

    A few months ago, my N5200RouStor started developing problems synchronizing user accounts with my AD and had issues with SMB access after a test in which I connected the WAN interface to my perimeter network (to allow external FTP access) and the LAN interface to the inner network. This didn't work and I lost communication with the N5200 completely. I've returned to the original settings where only the WAN interface was connected to the inner network (since it's primarily used for SMB access).

    I decided to remove the N5200 from the domain, and then rejoin again under the Administrator account. This came with a whole load of issues and I ended up only being able to rejoin the domain under a different account with Domain Admin privileges, but synchronisation with the AD was restored.

    Now, this has worked for quite a couple of weeks, but stopped working a couple of weeks ago. Redid the procedure, but this didn't work either. What happens is the browser asks me for confirmation whether I'm sure I want to enable ADS, I click "yes", and it begins loading the page, but never finishes (like it's waiting for a response, but never receives one). During this operation (and many minutes after) the N5200 also stops being reachable under its NetBIOS name (it does still reply to a ping, but the web interface won't load when entering the hostname). However, when you try reaching it by entering the IP, the interface will come up straight away. After a while, using the NetBIOS name will work again as well.
    Although the operation never finishes with a success, it will still successfully generate a computer account in the ADS, but the N5200 will remain with the ADS option disabled.

    Interestingly enough, when you try joining the domain with a faulty password or an account that doesn't have permission, it'll throw an error saying either an incorrect password or an account with insufficient permissions is being used. Also in this scenario, when an account for the N5200 already exists in the domain it'll come back with a warning saying so, as opposed to the scenario where we use valid credentials.




    Below I'll try and give some information about my network infrastructure since it's not your everyday SOHO setup.

    My network consists of a perimeter network in the 192.168.1.x subnet and an inner network in the 192.168.0.x subnet, separated through a Linksys WRT-300. I'm connected to the internet using a Draytek Vigor 2800VGi.

    I've got a Windows 2003 Small Business Server with a dual NIC running as a domain controller, one NIC attached to the perimeter network (firewalled, used to expose IIS and Exchange to the Internet), one (unfirewalled) to the inner network, used for everything else + IIS and Exchange.
    On the SBS server I've got two virtual servers running a LAMP and a Squid reverse Proxy server, both connected to the perimeter network with their own IPs in the 192.168.1.x subnet.

    Internet <-- 2800VGi --> 192.168.1.x (SBS/LAMP/Squid)<-- WRT300 --> 192.168.0.x (SBS/N5200/Workstations)

    The DHCP and DNS services are only running on the "LAN NIC", so on the 192.168.0.x subnet.

    192.168.1.1 <--DMZ NIC (no DNS, DHCP, etc)--> SBS <--LAN NIC--> 192.168.0.1 (DNS, DHCP, etc)

    DMZ NIC:
    IP: 192.168.1.1
    Subnetmask: 255.255.255.0
    Default Gateway: 192.168.1.254
    DNS: 192.168.1.254

    LAN NIC:
    IP: 192.168.0.1
    Subnetmask: 255.255.255.0
    Default Gateway: -
    DNS: 192.168.0.1

    The N5200 is connected through the WAN interface to a 5-port GB switch with all the network drives on, which is in turn connected to the main switch, a 3Com Baseline Switch 2816-SFP Plus (divided into two VLANs, one for the perimeter, one for the inner) on the inner VLAN. The LAN interface of the N5200 is not used, the subnet of the LAN interface is set to 192.168.254.x, DHCP server is turned off and IP sharing disabled.

    DHCP in the perimeter network is handled by the Vigor, inner network is done by the SBS server using the following settings:

    Subnetmask: 255.255.255.0
    Default Gateway: 192.168.0.254 (WRT300, which in turn routes to 192.168.1.254, the Vigor)
    DNS: 192.168.0.1 (SBS)

    The N5200 has a reservation on IP 192.168.0.5.

    To me, everything seems hunky-dory. I've tried joining and removing Windows XP workstations into the domain using the same credentials, which didn't cause any trouble at all.

    Seeing the results when using the faulty credentials and the fact that it does create an account in the AD for the N5200, it seems it does communicate properly with the server initially, but somewhere along the line upon finishing, the communication appears to break down.
    A problem that came into my mind is that the SBS server responds on the other NIC and therefore not reaching the N5200, but that would mean I couldn't join ANY computer attached through the inner network. The DNS name of the DC (SBS) does nicely resolve to the 192.168.0.1 address btw, so I'm sure the request is directed to this IP.

    Any ideas on what could be the issue? If you'd like any more information or a more detailed schematic view on the infrastructure, I'd be happy to provide them.

    Firmware used is 2.00.01.

    Thanks in advance.

  2. #2
    Thecus Staff Thecus - Yvon
    Join Date
    Apr 2007
    Posts
    937

    Dear Sir,

    I might need to confirm the following items:

    1. Is there any other trusted AD with this AD?
    2. Does this AD have an alias name?
    3. Is the Netlogon service enabled?
    4. Is the Windows Time service enabled?

    Additionally, I would recommend diagnosing the DC with the Domain Controller Diagnostics Tool (dcdiag.exe):

    http://technet2.microsoft.com/window....mspx?mfr=true

    In case the problem still exists, please enable the System Log through the URL below:

    http://<N5200_IP>/adm/getform.html?name=syslog


    After the System Log service is enabled, please try to join the AD again; the login logs will be saved into the “tmp” folder under the Nsync folder.

    Please send the config.bin and all files & folders under the Nsync folder to support@theucs.com . The config.bin can be downloaded from the [System / Mgmt] page by pressing the [Download] button.

    Yvon.
