Hi all I am working at a school and have a strange problem which i have lost all my brain knowledge over now. Brief setup Site 1 - Admin - 10.12.106.0 - 255.255.255.0 Curriculum - 10.12.108.0 - 255.255.255.0 Site 2 - 10.13.156.0 - 255.255.252.0 Way this is setup is, admin should be able to access curriculum network but curriculum cant access admin network. I can ping both networks i can RDP to both networks from my admin machine. But before when i use to from admin machine browse to a share in curriculum i was in instantly, now i get access is denied and have to log in. It seems its not authenticating using the admin details. same for printers, they are all on 108 subnet but 106 cant access it. Can someone tell me what to look for? i am losing hair over this now. thanks in advance we have had a new internet service provider recently and they have replaced firewall. They say everything is fine from there side, the ports are open. as i said i can RDP across both sites but just cant seem to access resources. Not sure if its DNS issue or still firewall issue.

Are these all part of the same domain? When there is a firewall in between domain subnets, for authentication to work, the accessed machine must be able to connect to a domain controller. Here is a link to the ports required by AD via a firewall: http://support.microsoft.com/kb/179442 Note that the RPC ports are dynamic by default (the same with Exchange), so to make this work through a firewall, you must define (or restrict) which ports to use, here is the article on how to do that: http://support.microsoft.com/kb/224196 Check with your ISP and make sure these are open in the new firewall, they may have opened the ports for RDP and are allowing ICMP, but did not open NBT, SMB, DNS, LDAP, etc...

Hello Try telnet from 10.12.106.0 to 10.12.108.0 on port 53,389,139,138,3268,445 if it goes well then there are least chance that issue from firewall Also try recalling any immediate infrastructure change/upgrade Hope it helps __________________________ Best regards Sarang Tinguria MCP, MCSA, MCTS Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hi, Thanks for posting here. What about the topologic ? The new replaced firewall, is this device act as a router device and connects with both admin and curriculum subnets? Were we still about to access these resources after input the proper credentials (domain admin)? Thanks. Tiger LiTiger Li TechNet Community Support

Hi all sorry for delay. it turned out the firewall wasnt properly configured. it now is reconfigured and its working ok again. many thanks for your help