NET USE Attempt Across Domains Fails Without Name Resolution (193836)
The information in this article applies to:
- Microsoft Windows NT Server 3.51
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 3.51
- Microsoft Windows NT Workstation 4.0
This article was previously published under Q193836 SYMPTOMS
When you attempt to use either Net.exe USE or Net.exe VIEW from a client in
a trusted domain to a domain controller in a trusting domain, you receive
the following error:
Event ID: 1311
Source: NetLogon
Type: Error
Description: There are currently no logon servers available to service
the logon request.
This error may occur in environments where Windows Internet Name Service
(WINS) is being used or where one or more LMHOSTS files are maintained on
the clients and servers. Communications utilities such as Ping.exe and
Tracert.exe will show that the interdomain communications are working
properly and that name resolution activity from the client is performing as
expected.
CAUSE
When a NET command to a remote system on another domain is initiated, the
current credentials (user name, password, domain) are passed as part of the
request. If the client is logged on to the trusted domain, those
credentials are used in the pass-through authentication process from the
domain controller in the trusting domain.
The domain controller in the trusting domain should be able to locate a
domain controller in the trusted domain through some type of name
resolution, normally from WINS or an LMHOSTS file. The failure in this
instance is that the domain controller receiving the NET command cannot use
pass-through authentication with the credentials provided to locate and
authenticate the client back to the trusted domain. The above error will
occur when one or more of the following conditions have been met:
- 00 (domain name), 1C, and 1B entries for the trusted domain are not
properly replicated from a WINS server in the trusted domain to a WINS
server used by the domain controller performing the pass-through
authentication.
- 00 (domain name), 1C, and 1B entries for the trusted domain have been
removed from, or are corrupted, in the WINS server database in the
trusting domain.
- If WINS is not used and an LMHOSTS file is present on the domain
controller performing the pass-through authentication, the necessary 00,
1C, and 1B entries are missing or are incorrectly entered in the file.
- If WINS is not used and an LMHOSTS file is NOT present on the domain
controller performing the pass-through authentication, the
authentication process will fail.
RESOLUTION
To allow cross-domain authentication, one or more domain controllers in the
trusting domain must be able to locate a domain controller in the trusted
domain. This capability can be provided by ensuring that the trusting
domain controllers have access to some type of NetBIOS name resolution
process that maintains the proper records (00 for domain name, 1B for
domain master browser, and 1C for multiple domain controllers).
When using WINS in this instance, it will be necessary to verify that the
domain controller or controllers in the trusting domain point to a WINS
server that maintains the correct entries for the trusted domain that the
client is logged on to. WINS replication between the two domains will be
required to populate the requisite WINS database on the trusting domain
from a WINS server in the trusted domain. If this replication cannot occur,
or the entries in the trusting domain's WINS server are corrupted and name
resolution is failing, the above-mentioned error will occur.
If WINS in not in use in the environment, an LMHOSTS file will be required
and should be located in %Winnt_Root%\System32\Drivers\Etc.
| Modification Type: | Major | Last Reviewed: | 8/9/2001 |
|---|
| Keywords: | kbnetwork kbprb KB193836 |
|---|
|