cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Setting up Managed BE with CASO, Domain Issues

AKSM-IT
Level 3

‎06-03-2013 08:46 AM

Support Forum,

I will start off by saying I am not an Network Engineer.  I am just a programmer/analyst trying to cover an engineer job.

We have been having trouble backing up remote locations from our BE 2012 server.  We had a conference call with Symantec and they suggested we go with the CASO option on our server with Dedup, then install a BE 2012 with dedup in the remote location.  I could then backup locally and transfer the backup with dedup.  I built a brand new Windows 2003 64bit box and got CASO installed and made it its own domain (log story short, our current domain is same as web presence and presented conflicts).  I built a Windows 2003 server with BE 2012 and dedup and installed at the remote location on their domain.

Here is where I am stuck and symantec documentation/support falls short because they assume anyone attempting this knows all in the ins and outs of networking.

My CASO Server is called CASO64.  My Domain is AKSMStorage.com

My remote server is called BackupSvr.  Their domain is called NJClinic.com.

On the domain server on each each domain, I created a user account called Symantec with local and domain administrative privledges.  I read that 2003 domain servers needed to be elevated to 2003 for domain and forest and I did that on both ends.  Going on the basic info provided by Symantec, I was told to establish trust between the domains.  I followed some examples on the web and I think I established a two way trust.  I can ping each server and workstations from both ends but they need to be fully qualified names.

Symantec is telling me that I need to be able to login to the remote server with the ID, password and domain credentials of my CASO (in other words, AKSStorage.com\Symantec).  When I try this, I get an error: There are currently no logon servers available to service the logon request (1311).

Symantec just tells me it is a network issue, research and get back to them when I get past this step/hurdle.

Hoping there is someone out there that has done this and can give me some terms, direction or google advice for making this progress further.  I don't need to be spoon fed (although willing to accept if someone offers), just need some pointers so I can find what I need to learn and move forward.

Thank you in advance for anyone that responds.

Douglas

0 Kudos
10 REPLIES 10

CraigV
Moderator
Moderator
Partner    VIP    Accredited

‎06-03-2013 10:06 AM

Hi,

 

An easy test for your domain trust is to try logging onto each domain with the BE service account. If you can do so, it isn't a trust issue or DNS.

Thanks!

0 Kudos

AKSM-IT
Level 3

‎06-03-2013 11:43 AM

Craig,

Thank you for your response.  My service account is the "Symantec" ID in both domains.  When I try to login, I get the error:

"There are currently no logon servers available to service the logon request (1311)"

Trying to research this error in google now but it appears to be a lot of possibilities as to cause and solution.

Douglas

0 Kudos

CraigV
Moderator
Moderator
Partner    VIP    Accredited

‎06-03-2013 12:55 PM

If your trust is set up correctly, then you can log onto any server in the NJxxxxxx.com domain with AKxxxxxx\Symantec account.

This was the logon test I was talking about. Sorry if I wasn't clear. Also remove any mention of your domain names as this is a public forum! Being able to do so means your media server in 1 domain should be able to access the server in the trusted domain if that account is a member of the Domain Admins group in NJxxxx.com domain.

Try that logon test.

Thanks!

0 Kudos

AKSM-IT
Level 3

‎06-04-2013 07:05 AM

Craig,

Thanks.  The domains and specs provided were made up for illustration.  I could translate them to the real names and accounts.  Found that providing names makes it easier to discuss.  In my 20 years of programming and in forums, no one has ever called me on it.  You are the first. : )

What you stated above is exactly what I did and got the error I stated.  So I guess its back to the drawing board on trust.  Dedecating my day to this so off to google I go...

Douglas

0 Kudos

CraigV
Moderator
Moderator
Partner    VIP    Accredited

‎06-04-2013 07:10 AM

OK good! yes

Some OPs put production domain names/IP addresses, and sometimes even license keys on the forum. 2-way trust is easy enough to do so, and even a one-way trust. It would mean 1 account being used for backups, and cuts down on admin.

Thanks!

0 Kudos

AKSM-IT
Level 3

‎06-05-2013 12:16 PM

Craig,

How much do you know about WINS?  I have been reading and experimenting.  I finally found dcdiag utility (wasn't on my servers) and ran it.  I am passing the tests.  My trusts appear to be working, I can see each domain from the other but still can not login.  I found a series of articles that states when setting up a two way trust, WINS needs to allow dynamic registration and my error is one way to know WINS is the issue.  Something about the netbios is not resolving the names correctly and can display the error I am seeing.  Trying to find articles on how to work in WINS but only finding explainations of what it is and not how to configure or modify.  I also found an article from Microsoft that tells me the same and says there is a work around using static mappings in WINS but doesn't explain how to put one in.

All my searching is looping on the same articles now.  Running out of ideas.  Suggestions?

Thx,

Douglas

0 Kudos

AKSM-IT
Level 3

‎06-05-2013 12:51 PM

Wait. I think I may have it now.  One of the guys in the PC Helpdesk showed me something.

We logged into the DC of the remote server.  Went into the NIC Properties, advanced, WINS tab.  I added the IP Address of the CASO server/domain.  I thne went to the remote backup server and logged into that server with the CASO Domain\User ID and it logged in.  Yay!

Going to try reverse and then go back to Symantec to complete the install/license part.

Thanks for all your help!  I really appreciate the time and effort.

0 Kudos

CraigV
Moderator
Moderator
Partner    VIP    Accredited

‎06-05-2013 01:08 PM

...haven't worked with WINS in absolute years, so I wouldn't be much use there...glad it seems this got sorted out!

Thanks!

0 Kudos

AKSM-IT
Level 3

‎06-06-2013 07:19 AM

Sorry to say it was a false illusion.  Yes, able to log into the PC using other domain but ID lacks admin properties.  Trying to give the ID admin properties but Active Directory and the local workstation will not let me put the CASO Domaim\Symantec as a user or in the Administrators group on the remote server.

Decided to go back to Symantec Group that sold us on this process.  See if they will help us get this one working.  We bought this one as a test.  If it worked we may want 5-7 more.  Maybe the carrot will help us get someplace.

Again, thanks for all you insight so far.

0 Kudos

AKSM-IT
Level 3

‎06-24-2013 09:26 AM

I'm Back.  Symantec 2nd Tier is looking at this but it requires more network knowledge than either of us has.  Hoping there is a network guy out there that will take pity on us and spread a little knowledge.

I built trust between the two domains. The trusts verify fine from both ends. I can telnet each domain from the other usings the specific ports that Symantec needs.  When I log into the server in Domain A, I can chose Domain B and successfully login and vice versa.

The issue: When I log into server in Domain A with Domain B.  The user only has User Level rights and Symantec appears to require Domain Admin rights.

When I go into Active Directory, it will not allow me to put User@DomainB rights in Domain A or vice versa which we think is key to resolving this issue.

Any ideas would be appreciated.

0 Kudos