KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q193836: NET USE Attempt Across Domains Fails Without Name Resolution

Article: Q193836
Product(s): Microsoft Windows NT
Version(s): WinNT:3.51,4.0
Operating System(s): 
Keyword(s): kbnetwork
Last Modified: 09-AUG-2001

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Windows NT Server versions 3.51, 4.0 
- Microsoft Windows NT Workstation versions 3.51, 4.0 
-------------------------------------------------------------------------------

SYMPTOMS
========

When you attempt to use either Net.exe USE or Net.exe VIEW from a client in a
trusted domain to a domain controller in a trusting domain, you receive the
following error:

  Event ID: 1311
  Source: NetLogon
  Type: Error
  Description: There are currently no logon servers available to service
               the logon request.

This error may occur in environments where Windows Internet Name Service (WINS)
is being used or where one or more LMHOSTS files are maintained on the clients
and servers. Communications utilities such as Ping.exe and Tracert.exe will show
that the interdomain communications are working properly and that name
resolution activity from the client is performing as expected.

CAUSE
=====

When a NET command to a remote system on another domain is initiated, the
current credentials (user name, password, domain) are passed as part of the
request. If the client is logged on to the trusted domain, those credentials are
used in the pass-through authentication process from the domain controller in
the trusting domain.

The domain controller in the trusting domain should be able to locate a domain
controller in the trusted domain through some type of name resolution, normally
from WINS or an LMHOSTS file. The failure in this instance is that the domain
controller receiving the NET command cannot use pass-through authentication with
the credentials provided to locate and authenticate the client back to the
trusted domain. The above error will occur when one or more of the following
conditions have been met:

- 00 (domain name), 1C, and 1B entries for the trusted domain are not properly
  replicated from a WINS server in the trusted domain to a WINS server used by
  the domain controller performing the pass-through authentication.

- 00 (domain name), 1C, and 1B entries for the trusted domain have been removed
  from, or are corrupted, in the WINS server database in the trusting domain.

- If WINS is not used and an LMHOSTS file is present on the domain controller
  performing the pass-through authentication, the necessary 00, 1C, and 1B
  entries are missing or are incorrectly entered in the file.

- If WINS is not used and an LMHOSTS file is NOT present on the domain
  controller performing the pass-through authentication, the authentication
  process will fail.

RESOLUTION
==========

To allow cross-domain authentication, one or more domain controllers in the
trusting domain must be able to locate a domain controller in the trusted
domain. This capability can be provided by ensuring that the trusting domain
controllers have access to some type of NetBIOS name resolution process that
maintains the proper records (00 for domain name, 1B for domain master browser,
and 1C for multiple domain controllers).

When using WINS in this instance, it will be necessary to verify that the domain
controller or controllers in the trusting domain point to a WINS server that
maintains the correct entries for the trusted domain that the client is logged
on to. WINS replication between the two domains will be required to populate the
requisite WINS database on the trusting domain from a WINS server in the trusted
domain. If this replication cannot occur, or the entries in the trusting
domain's WINS server are corrupted and name resolution is failing, the
above-mentioned error will occur.

If WINS in not in use in the environment, an LMHOSTS file will be required and
should be located in %Winnt_Root%\System32\Drivers\Etc.

MORE INFORMATION
================

For additional information, please see the following articles in the Microsoft
Knowledge Base:

  Q150800 Domain Browsing with TCP/IP and LMHOSTS Files

  Q185786 Recommended Practices for WINS

  File Name: WINSWP.DOC
  Location : ftp://ftp.microsoft.com/bussys/winnt/winnt-docs/papers/
  Title : "Windows Internet Naming Service (WINS)" (Page 24)

Additional query words: wins lmhosts browsing netlogon domains trusts

======================================================================
Keywords          : kbnetwork 
Technology        : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT400search kbWinNTW351search kbWinNTW351 kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS351search
Version           : WinNT:3.51,4.0
Issue type        : kbprb

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.