Adding Domains Across Subnets
penguinking
I've got a D-Link 655 router and a 2Wire 2700-HGB router in my home network, with my domain controller located on my D-Link router (192.168.0 subnet). I'm trying to get a WinXP Pro desktop on my 2Wire router (192.168.1 subnet) added to my domain, but since my 2Wire has an extremely limited IOS (i.e. I don't see any tables I can statically edit to add routes detailing how to get from one subnet to the other), I'm at a loss as to what to do. Probably a simple fix, like the last thread I posted (http://www.techexams.net/forums/70-290-windows-2003-server/45435-trouble-adding-domain-user-pinging.html), but nonetheless an issue. My 2wire router is the one that connects directly to my ISP via PPPoE. My D-Link is properly recognized by the 2wire router (I can see it in 2wire's IOS, 192.168.1.80), and I can access my 2wire from my D-Link subnet.
EDIT1: So I found the static table page on my 2wire router, and I tried adding 192.168.0.0 as the subnet IP, 255.255.255.0 as the mask, and 192.168.1.80 as the gateway (that's the IP the 2wire router assigned my D-Link to via DHCP), but I'm not able to add the desktop to the domain or ping any of the computers (or the DC). However, the computers in the 192.168.0 subnet where my DC is located (controlled by my D-Link router) can in fact ping the computers I'm trying to add to the domain (located on the 1 subnet), just not the other way around. That is, I can not ping computers in the 0 subnet from a command prompt on a computer in the 1 subnet (where the 2wire is located), so maybe it's a configuration issue with my D-Link router blocking inbound requests from the 1 subnet. What setting on my D-Link would prevent me from pinging the 0 subnet from a computer on the 1 subnet, but not the other way around? Windows Firewalls are disabled and other proprietary firewalls are uninstalled.
EDIT2: Here's the error I get when trying to add a comp on subnet 1 (2wire) to my domain, which is located on subnet 0 (D-Link):
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain EAD.local:
The error was: "DNS name does not exist." (error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.EAD.local
Common causes of this error include the following:
- The DNS SRV record is not registered in DNS.
- One or more of the following zones do not include delegation to its child zone:
EAD.local
local
. (the root zone)
For information about correcting this problem, click Help.
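Added example, not part of the original post: Python that builds the SRV lookup named in the error above and classifies a DNS server's reply. An NXDOMAIN (name error) reply means a resolver answered and does not hold the record, while no reply at all points at filtering or routing; `query_server`, the other function names and the constructed reply bytes are assumptions of this example.

```python
import socket
import struct

SRV_TYPE, IN_CLASS = 33, 1
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN (RCODE_NAME_ERROR)", 5: "REFUSED"}

def dc_locator_name(domain):
    """SRV owner name a client queries to locate a domain controller."""
    return "_ldap._tcp.dc._msdcs." + domain

def build_srv_query(name, txid=0x1234):
    """Encode a recursive DNS query (one question, type SRV) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = [bytes([len(l)]) + l.encode("ascii") for l in name.split(".")]
    return header + b"".join(labels) + b"\x00" + struct.pack("!HH", SRV_TYPE, IN_CLASS)

def classify_reply(query, reply):
    """Return (rcode_name, answer_count); ('NO_REPLY', 0) if empty or truncated."""
    if len(reply) < 12:
        return ("NO_REPLY", 0)  # timeout: request or response never arrived
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return ("MISMATCH", 0)  # not a response to this query
    rcode = flags & 0x000F
    return (RCODES.get(rcode, "RCODE_%d" % rcode), ancount)

def query_server(server_ip, domain, timeout=3.0):
    """Live check: send the SRV query to one DNS server over UDP port 53."""
    query = build_srv_query(dc_locator_name(domain))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server_ip, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout
            reply = b""
    return classify_reply(query, reply)

# Constructed sample: the question echoed back with QR=1, RD=1, RA=1, RCODE=3.
QUERY = build_srv_query(dc_locator_name("EAD.local"))
NXDOMAIN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(classify_reply(QUERY, NXDOMAIN_REPLY))  # a resolver answered: name unknown
    print(classify_reply(QUERY, b""))             # nothing came back
```

Running `query_server` once against the DNS server the workstation is configured to use and once against the domain controller's address shows which of the two cases applies to each.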
Comments
penguinking
Ah, OK, I finally found that page. I tried adding 192.168.0.0 as the subnet IP, 255.255.255.0 as the mask, and 192.168.1.80 as the gateway (that's the IP the 2wire router assigned my D-Link to via DHCP), but I'm not able to add the desktop to the domain or ping any of the computers (or the DC).
penguinking
However, computers in the 192.168.0 subnet where my DC is located (controlled by my D-Link router) can in fact ping the computers I'm trying to add to the domain (located on the 1 subnet), just not the other way around. That is, I can not ping computers in the 0 subnet from a command prompt on a computer in the 1 subnet (where the 2wire is located), so maybe it's a configuration issue with my D-Link router blocking inbound requests from the 1 subnet. What setting on my D-Link would prevent me from pinging the 0 subnet from a computer on the 1 subnet, but not the other way around?
Windows Firewalls are disabled and other proprietary firewalls are uninstalled.
penguinking
So after doing a little research I found this little tidbit on Wikipedia about the type of firewall on my D-Link 655 router:
> Microsoft's latest operating systems, Windows Vista and Windows 7, uses TCP window scaling for non-http (web) connections. So do Linux kernels from versions 2.6.8 on. This behavior is incompatible with some firewalls that use SPI (Stateful Packet Inspection) as found in routers like the Checkpoint NG R55, Cisco PIX earlier than v6.3.1, NetApp Cache Appliances, SonicWall, D-Link DI-724U, Netgear WGR614, and Linksys WRT54GS.[1] This may be related to previous failures to work properly. Pre-released (beta) versions of Vista allegedly had more problems, including failed http (web) connections through SPI firewalls.[2]
As my D-Link definitely uses SPI, I disabled it, but still had no luck. Any ideas or help would be useful from anyone that thinks, like I do, that it's a hardware firewall issue. Of course, I'm trying to connect to a Windows Server 03 DC, but of course the 03 Server code base was used to build Vista anyway (and from there Windows 7).
Claymoore
> However, computers in the 192.168.0 subnet where my DC is located (controlled by my D-Link router) can in fact ping the computers I'm trying to add to the domain (located on the 1 subnet), just not the other way around. That is, I can not ping computers in the 0 subnet from a command prompt on a computer in the 1 subnet (where the 2wire is located), so maybe it's a configuration issue with my D-Link router blocking inbound requests from the 1 subnet. What setting on my D-Link would prevent me from pinging the 0 subnet from a computer on the 1 subnet, but not the other way around?
> Windows Firewalls are disabled and other proprietary firewalls are uninstalled.
Try using a different subnet than 192.168.0. 192.168.0 should be an unroutable subnet if the firewall is strictly RFC compliant. Windows routing isn't RFC compliant so it can use .0 subnets and Cisco routers can use them with the command 'ip subnet zero', but your D-Link may not be able to route to those subnets. Create a new 192.168.2 subnet and move your DCs there.
penguinking
^ Yeah, good idea, I hadn't thought of that. Unfortunately it still didn't work. I can't add the machine from the 1 subnet to the 2 subnet where the DC now resides. Is there a checklist I should be looking at to make sure the D-Link isn't blocking incoming DNS requests to the DC?