Trusted domain not show in "Entire Directory" list.

From: Ryan G (G_at_discussions.microsoft.com)
Date: 12/21/04

Next message: Ryan G: "RE: Trusted domain not show in "Entire Directory" list."
Previous message: Clementius: "Re: How to check old computer names"
Next in thread: Ryan G: "RE: Trusted domain not show in "Entire Directory" list."
Reply: Ryan G: "RE: Trusted domain not show in "Entire Directory" list."
Messages sorted by: [ date ] [ thread ]

Date: Mon, 20 Dec 2004 16:47:02 -0800

We're currently in the process of moving/upgrading to Win2k3 and successfully
created and moved all the existing users to a new domain in a testlab with no
problems.

Now we've moved onto the real thing and are having some issues.

We've setup the DNS replication between the 2 domains and can resolve
everything fine. The trust has been established and verifies fine from all
DC's at any end. However, I can't add any users from the external domain to
the local groups. ie. Add new_domain\administrator to old_domain\domain
admins and vice versa.

The only clue that I've got is the following error log that is generated on
one of our GC's on the old domain every time you verify the trust;
--------------------------------------------------
A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 0:29:5.0000 12/21/2004 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: OLD_DOMAIN.COM
Server Name: krbtgt/OLD_DOMAIN.COM
Target Name: HOST/DC1.NEW_DOMAIN.LOCAL@OLD_DOMAIN.COM
Error Text:
File:
Line:
Error Data is in record data.
--------------------------------------------------

Can somebody please help us out.

Next message: Ryan G: "RE: Trusted domain not show in "Entire Directory" list."
Previous message: Clementius: "Re: How to check old computer names"
Next in thread: Ryan G: "RE: Trusted domain not show in "Entire Directory" list."
Reply: Ryan G: "RE: Trusted domain not show in "Entire Directory" list."
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Event ID:3 Numerous Kerberos Errors
... Server: krbtgt/domain.COM@xxxxxxxxxx ... A Kerberos Error Message was received: ... Client Realm: ... Error Data is in record data. ...
(microsoft.public.windows.server.general)
Re: kerberos
... Client Realm: ... Server Realm: MYDOMAIN.COM ... Error Data is in record data. ...
(microsoft.public.win2000.security)
Re: SetSPN problem
... > Jasper Smith (SQL Server MVP) ... > Client Realm: ... > Error Data is in record data. ...
(microsoft.public.sqlserver.security)
Re: Kerberos error
... Client Realm: ... Server Realm: DOOM.ABC.COM ... Error Data is in record data. ...
(microsoft.public.win2000.active_directory)
Re: Kerberos Issues
... > I get a ton of Kerberos event log items. ... > Client Realm: ... > Error Data is in record data. ...
(microsoft.public.win2000.security)