Disjoint Namespace – Netbios Domain Differs from DNS Domain Name

I administer a Windows 2008 R2 Active Directory Domain.

All was good, all worked OK.

Came to install Exchange 2010 and found the missing “Document” functionality (but I don’t like to talk about this!).

Made a decision to implement UAG 2010 with SSO for OWA along side File Access and access to Remote Apps (RDS).

Followed recommended guides for setting up UAG with SSO but was always prompted for Username and Password when accessing OWA.

Upon further investigation and coming across this document;

http://technet.microsoft.com/en-us/library/bb676377.aspx

I discovered I did in fact have a Disjoint Namespace.

DNS Domain Name : name.local

Primary DNS suffix : name.local

NetBIOS domain name : name_nt_dom

Now as you can see the NetBIOS domain name dates back over 12 years to when the NT Domain was created and the user accounts were migrated over from a Novell 4.12 network (a.k.a. The Good Old Days!).

All was fine and dandy until I came to SSO through UAG for OWA (acronyms.com).

I then followed the instructions here;

http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx

and using ADSI Edit changed the domain properties of msDS-AllowedDNSSuffixes

Steps;

  •  Open ADSI Edit
  •  Connect to a Domain Controller
  •  Under Default naming context, Right Click “DC=name,DC=local”
  •  Select Properties
  •  In “Attribute Editor”, highlight “msDS-AllowedDNSSuffixes” and click “Edit”
  •  In “Value to add:” type in your DNS Domain name “name.local” and click “Add”
  •  Again in “Value to add:” type in your Netbios Domain name “name_nt_dom” and click “Add”

Images;

Adsi Edit Screen

Adsi Edit Screen

 

Attribute-Editor

 

Multi Value String Editor

Multi Value String Editor

 

Now you will need to wait a decent amount of time for these changes to propogate across your domain DC’s (get a brew or something!).

I also carried out a re-boot on the UAG server just to be on the safe side.

After all this my UAG SSO now works with OWA, File Access and Remote Apps.

Hope this helps anyone else having the same issues.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Post Navigation