Re: DOMAIN TRUST
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 03/30/04
- In reply to: Nick P: "DOMAIN TRUST"
Date: Tue, 30 Mar 2004 12:16:37 -0500
Nick,
Without having read all of your post I can tell you that you cannot create
a trust in an SBS environment. There is one exception to that: you can
create a temporary trust between SBS2000 and SBS2003 for seven days (I
believe) for purposes of migrating from 2000 to 2003.
Also, there are five FSMO roles: Schema Master, Domain Naming Master, PDC
Emulator, RID Master and Infrastructure Master. The first two are
Forest-wide roles and the last three are domain-wide roles. The Global
Catalog Server is not a role (in the sense of FSMO Roles). It looks like
you transferred the domain-wide FSMO Roles from the SBS2000 Server (DC1)
to the WIN2000 Advanced Server (DC2).
So long as you have a Small Business Server environment (where the SBS
Server was the first DC in the environment - which is pretty much the only
way that it can happen IIRC) you cannot establish any trust with any other
domain / forest (save the above mentioned specific exception). You can
indeed have additional Servers (Member Servers and Domain Controllers) in
the domain.
What is it that you are trying to do? Why did you need to create the trust?
Maybe there is another solution.
HTH,
Cary
"Nick P" <anonymous@discussions.microsoft.com> wrote in message
news:15a3001c4166a$a89b7000$a501280a@phx.gbl...
> I have a Windows 2000 SBS server (DC1) and a Windows 2000
> adv Server (DC2). I have since transferred server roles
> from DC1 to DC2. These include RID, PDC Emulation,
> Infrastructure and GC... My domain (domain1.com) runs in
> Native mode.
>
> I have also set the LMHOST file up in preparation for
> Domain trust with an external source (domain2.com). The
> server (DC2) appears to have full access to the DC in
> domain2.com. This can be confirmed via email on port 25,
> directory browsing and terminal services - in other words
> no restrictions set between the two domains via the VPN...
>
> When I try and set the Trust up (domains trusted by this
> domain) I get the following error after typing in the
> domain name and password in the dialog box
>
> ACCESS TO THE DOMAIN DOMAIN2.COM IS DENIED. CHECK THE
> PASSWORD IS CORRECT AND TRY AGAIN.
>
> Having checked my Security event logs, all is well. Upon
> investigation of the DC's security logs in the
> DOMAIN2.COM, I have the following error numbers???
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 3/30/2004
> Time: 2:11:34 PM
> User: NT AUTHORITY\SYSTEM
> Computer: MAIA-SERVER
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: Administrator
> Domain: LEGN
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: LEGN-DC2
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 681
> Date: 3/30/2004
> Time: 2:11:34 PM
> User: NT AUTHORITY\SYSTEM
> Computer: MAIA-SERVER
> Description:
> The logon to account: Administrator
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> from workstation: LEGN-DC2
> failed. The error code was: 3221225578
>
> Has anyone come across this before???
>
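An added example, not part of the original thread: Event 681 reports its failure reason as a decimal NTSTATUS value, so the script below converts the code quoted in the post to hex, names it, and checks that the 529 and 681 entries describe the same attempt. The function names and the subset of status codes in the table are choices made for this example; the event text is copied from the post.

```python
import re

# Subset of NTSTATUS values seen in logon failures (names as in ntstatus.h).
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000070: "STATUS_INVALID_WORKSTATION",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Description text of the two events quoted in the post above.
EVENT_529 = """Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: LEGN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: LEGN-DC2"""
EVENT_681 = """The logon to account: Administrator
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: LEGN-DC2
failed. The error code was: 3221225578"""

def parse_fields(text):
    """Split 'Label: value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip().lower()] = value.strip()
    return fields

def decode_status(decimal_code):
    """Return (hex string, name); masking also accepts a signed 32-bit form."""
    code = int(decimal_code) & 0xFFFFFFFF
    return "0x%08X" % code, NTSTATUS.get(code, "unknown")

def explain(ev529, ev681):
    """Correlate the Logon/Logoff and Account Logon failures and decode the code."""
    a, b = parse_fields(ev529), parse_fields(ev681)
    raw = re.search(r"error code was:\s*(-?\d+)", ev681).group(1)
    hex_code, name = decode_status(raw)
    same = (a["user name"] == b["the logon to account"]
            and a["workstation name"] == b["from workstation"])
    return {"account": a["domain"] + "\\" + a["user name"],
            "source_host": b["from workstation"], "same_attempt": same,
            "network_logon": a["logon type"] == "3",
            "status": hex_code, "status_name": name}

if __name__ == "__main__":
    print(explain(EVENT_529, EVENT_681))
```

The decoded value distinguishes a wrong password for an existing account name (0xC000006A) from an unknown account name (0xC0000064), which the generic "Unknown user name or bad password" text of Event 529 does not.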