It works on physical hardware ..... and it works in Virtual Server, too!
There have been reports that some configurations that work fine in physical hardware environments are failing to work in virtualized environments.
See:
http://blogs.dirteam.com/blogs/jorge/default.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2005/12/18/297.aspx
In both instances, the writer uses EMC’s VMware virtualization products. The writer’s experience has also been corroborated by other knowledgeable people:
http://www.mail-archive.com/activedir%40mail.activedir.org/msg37406.html
So, in light of that, I set out to test another virtualization product – the MS Virtual Server 2005 R2 edition – to see if that is also afflicted by the symptoms.
Here’s our setup:
- 2 Forests – Akara.loc and Kokoro.loc
- Each Forest has a child domain – Dodo.akara.loc and ant.kokoro.loc
- The Admin password for EACH domain is DIFFERENT
Both Forests are at Windows 2003 Forest Functional Levels, as shown here:

The first thing we did is configure a corresponding Stub zone of each Forest zone on the opposite side.


Currently there is only one (Parent-Child) trust in place.

We will create another one:

Kokoro.loc is our peer Forest that we want to establish a trust with.

Let’s do a 2-way external trust first, just for giggles


Killing 2 birds with one stone :)

We supply the credentials for the OTHER forest (kokoro.loc). Remember, the passwords are different between both forests.

Let’s do the “domain-wide” option.

OK, we are done, let’s make it happen

We are going to confirm the trust on both sides, just to be sure.


Yippppeeee!!! It works!!!

See? We got the nifty “SID Filtering disabled” notification, so we know we are not dreaming :)

Here is more proof that it did work.

Let’s try creating a Forest Trust – which the original writer also had trouble with in VMware.
First we remove the existing “External” trusts on both sides. This (both sides option) doesn’t usually work, and I usually end up deleting the corresponding Trust on the other DC. But this has nothing to do with the environment (physical or Virtual) in question.

The peer Forest is still kokoro.loc

We are going to do a 2-way Forest Trust this time.



Again the credentials for the target Forest.

Let’s do Forest-Wide Auth, just to keep things simple.

Now that we are done, let’s just confirm that we actually did it.

See? I told you it works :) See? See?

In case you still don’t believe....... Here, see? It works!
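
The wizard's confirmation step can also be repeated from a script, which gives a record of the trust's security-relevant settings. The following is an added example, not part of the original post: it uses the .NET `System.DirectoryServices.ActiveDirectory` classes from PowerShell, covers only the forest trust (not the earlier external trust), and assumes it is run in akara.loc by an account that can read trust objects, with kokoro.loc admin credentials supplied at the prompt.

```powershell
# Added example (not from the original post): verify the akara.loc <-> kokoro.loc
# forest trust from the akara.loc side and report how it is configured.
Add-Type -AssemblyName System.DirectoryServices

$localName  = 'akara.loc'     # forest names taken from the post
$remoteName = 'kokoro.loc'
$forestCtx  = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest

# Bind to the local forest with the current logon.
$localCtx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($forestCtx, $localName)
$local    = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($localCtx)

# The passwords differ between the forests, so the remote bind needs its own credentials.
$cred      = Get-Credential   # enter a kokoro.loc administrator
$remoteCtx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
                 $forestCtx, $remoteName, $cred.UserName, $cred.GetNetworkCredential().Password)
$remote    = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($remoteCtx)

# Read the trust object; this throws if no forest trust to kokoro.loc exists.
try {
    $trust = $local.GetTrustRelationship($remoteName)
} catch {
    Write-Error "No forest trust from $localName to $remoteName : $($_.Exception.Message)"
    return
}

# Same check as the wizard's "confirm the trust" step, in both directions.
$verified = $true
$failure  = $null
try {
    $both = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional
    $local.VerifyTrustRelationship($remote, $both)
} catch {
    $verified = $false
    $failure  = $_.Exception.Message
}

# Report what was created and which protections are active on it.
[pscustomobject]@{
    Source                  = $trust.SourceName
    Target                  = $trust.TargetName
    TrustType               = $trust.TrustType
    Direction               = $trust.TrustDirection
    Verified                = $verified
    VerifyError             = $failure
    SidFilteringEnabled     = $local.GetSidFilteringStatus($remoteName)
    SelectiveAuthentication = $local.GetSelectiveAuthenticationStatus($remoteName)
}
```

For the trust built above, `Direction` should read `Bidirectional` and `SelectiveAuthentication` should be `False`, since forest-wide authentication was chosen.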
