Re: Not able to establish trust with another window 2003 domain
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 8 Nov 2006 14:03:57 -0000
I'm out of clues, review all previous posts and recheck again, at this time your trust should be working, if its not pobably you missed something.
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Eng" <Eng@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:78B2A545-2DD6-4A8D-853D-B1E1065BD6A3@xxxxxxxxxxxxxxxx
Hi Guys,
Thank you very much for all the suggestion. But i had try all of them and
still No Luck. The same error still come up.
Appreciated for all the help given. I will see what I can do from now.
Thank you
Eng
"Jorge Silva" wrote:
Other problems related with 40960 could be - This behavior occurs when you
restart the server that was promoted to a domain controller. In this
scenario, the Windows Time service (W32Time) tries to authenticate before
Directory Services has started.
Event IDs 40960 and 40961 in the System Event Log When You Restart Windows
Server 2003 After You Run Dcpromo.exe
http://support.microsoft.com/kb/823712/en-us
Situation 2
LSASRV Event IDs 40960 and 40961 When You Promote a Server to a Domain
Controller Role
http://support.microsoft.com/kb/824217/en-us
Other Related:
You cannot access network resources after you try to log on to a Windows XP
Service Pack 2-based computer
http://support.microsoft.com/kb/885887/en-us
You cannot access resources after you install Security Bulletin MS04-011 or
Windows XP Service Pack 2
http://support.microsoft.com/kb/891559/en-us
Logon Authentication, Active Directory Replication, and Domain Joins Do Not
Complete Successfully
http://support.microsoft.com/kb/315150/en-us
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:uLm%23qyaAHHA.4212@xxxxxxxxxxxxxxxxxxxxxxx
> Hi
> The 40960 Errors Can have some different Causes: - Generally, these > errors
> can be safely ignored. These errors occur because the DNS server > doesn't
> have a Reverse Lookup Zone Configured. Although Active Directory > doesn't
> need Reverse Lookup Zone to function, the Windows 2003 and XP tries to
> make a secure PTR registration, and because the Reverse Lookup Zone > isn't
> configured, the OS tries to make a secure PTR registration at the
> External DNS that is Authoritative over the reverse lookup of the IP on
> the machine's local interface. If it's a private address it will say
> cannot establish a secured connection with the server > prisoner.iana.org.
> Also, nslookup will report "Can't find server name for address
> <IPAddressOfDNSServer>
>
> Solution: 1-Create a Reverse Lookup Zone.
>
> -----------
>
> I know that I started to answer this post but unfortunately I can't see
> all the thread.
>
> Test your MTU from the problem server by pinging the gateway of your
> router:
> ping -f <IP> - 1472
>
>
>
> You need to start at your problem server, with a 1472 byte packet, then
> ping your machine gateway (router if any) address with a 1472 byte > packet,
> then ping the next gateway with 1472 byte packet, etc. until you reach > the
> other server.
>
> If you ping a router that returns a time out or "Packet needs to be
> fragmented but DF set.", then you should reduce the packet size to that
> router until the ping returns.
> Then find the issue with that router as to why it is using a reduced > MTU
> setting and increase the router MTU.
>
> -- > I hope that the information above helps you
> Good Luck
>
>
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
> news:%23QnTwkaAHHA.1012@xxxxxxxxxxxxxxxxxxxxxxx
>>I don't know what else to tell you. I'm not sure the 40960 even has
>>anything to do with your problem.
>>
>> You could use the KBB 889030 and see if there is value in it. It was
>> written for nt to AD but there maybe issuues in it that could help you >> as
>> well.
>> http://support.microsoft.com/default.aspx/kb/889030/en-us
>>
>> -- >> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Eng" <Eng@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:ED04FC4D-9D6E-43D2-942D-409C76ED91DB@xxxxxxxxxxxxxxxx
>>> Hi,
>>>
>>> Thank you for the reply.
>>>
>>> No. The time of the two server is the same. No different. I had check
>>> all
>>> the servers and all their time is the same. No delay.
>>>
>>> Thank you
>>>
>>> Eng
>>>
>>> "Paul Bergson [MVP-DS]" wrote:
>>>
>>>>
>>>> Is the time on the two servers within 5 minutes of one another?
>>>>
>>>>
>>>> -- >>>> Paul Bergson
>>>> MVP - Directory Services
>>>> MCT, MCSE, MCSA, Security+, BS CSci
>>>> 2003, 2000 (Early Achiever), NT
>>>>
>>>> http://www.pbbergs.com
>>>>
>>>> Please no e-mails, any questions should be posted in the NewsGroup
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> "Eng" <Eng@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:A71801D5-051B-4A3E-9834-80EFF38AE1AC@xxxxxxxxxxxxxxxx
>>>> > Hi,
>>>> >
>>>> > I had follow exactly the same that stated in your article but >>>> > still
>>>> > fail.
>>>> > Also, i had try to use your web tool to generate the syntax but >>>> > still
>>>> > fail.
>>>> >
>>>> > I try to remove the trust that created at my Source and re-create
>>>> > again.
>>>> > But
>>>> > this time its fail with the same error. Really headache with this
>>>> > issue.
>>>> >
>>>> > Anything else that i can try?
>>>> >
>>>> > Thank you
>>>> >
>>>> > Eng
>>>> >
>>>> > "Paul Bergson [MVP-DS]" wrote:
>>>> >
>>>> >> The spaces in the lmhost names for the dc's and domain names is
>>>> >> critical,
>>>> >> be
>>>> >> sure that both are properly spaced, that is why I pointed to this >>>> >> in
>>>> >> my
>>>> >> article I sent you to read.
>>>> >>
>>>> >>
>>>> >> -- >>>> >> Paul Bergson
>>>> >> MVP - Directory Services
>>>> >> MCT, MCSE, MCSA, Security+, BS CSci
>>>> >> 2003, 2000 (Early Achiever), NT
>>>> >>
>>>> >> http://www.pbbergs.com
>>>> >>
>>>> >> Please no e-mails, any questions should be posted in the >>>> >> NewsGroup
>>>> >> This posting is provided "AS IS" with no warranties, and confers >>>> >> no
>>>> >> rights.
>>>> >>
>>>> >> "Eng" <Eng@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> >> news:A3B6EA10-F93E-412F-BECC-0B566709E55A@xxxxxxxxxxxxxxxx
>>>> >> > Hi Paul,
>>>> >> >
>>>> >> > Thank you for your reply.
>>>> >> >
>>>> >> > The lmhost file is working but is only working for my source
>>>> >> > domain.
>>>> >> > Which
>>>> >> > mean, my source domain able to create a trust to the target, >>>> >> > but
>>>> >> > when I
>>>> >> > try
>>>> >> > to create the trust from my target to my source, its fail again
>>>> >> > with
>>>> >> > the
>>>> >> > same
>>>> >> > error.
>>>> >> >
>>>> >> > I try to remove the lmhost file and copy from my source domain >>>> >> > pdc
>>>> >> > and
>>>> >> > change the name and ip and try again. But its fail too.
>>>> >> >
>>>> >> > On my source, I try to verify the trust after i had created the
>>>> >> > trust
>>>> >> > but
>>>> >> > it
>>>> >> > fail. (Strange, I can create the trust but I cannot verify the
>>>> >> > trust).
>>>> >> > I
>>>> >> > open
>>>> >> > event viewer and found that the following event id is log,
>>>> >> > Event ID: 40960
>>>> >> > Description:The Security System detected an authentication >>>> >> > error
>>>> >> > for
>>>> >> > the
>>>> >> > server cifs/ky-target.TARGET.LOCAL. The failure code from
>>>> >> > authentication
>>>> >> > protocol Kerberos was "The referenced account is currently
>>>> >> > disabled and
>>>> >> > may
>>>> >> > not be logged on to.
>>>> >> > (0xc0000072)".
>>>> >> >
>>>> >> > I try to search MS website but fail to find a solution. Any >>>> >> > idea
>>>> >> > what
>>>> >> > is
>>>> >> > going on?
>>>> >> >
>>>> >> > Thank you
>>>> >> >
>>>> >> > Eng
>>>> >> >
>>>> >> >
>>>> >> > "Paul Bergson [MVP-DS]" wrote:
>>>> >> >
>>>> >> >> You could try creating an LMHosts file and see if that helps.
>>>> >> >>
>>>> >> >> Go to my website and lookup trust setup on an nt4 v 2003. >>>> >> >> This
>>>> >> >> should
>>>> >> >> work
>>>> >> >> for 2003 v 2003, it even has a fool proof way to setup the >>>> >> >> LMHost
>>>> >> >> records.
>>>> >> >>
>>>> >> >> http://www.pbbergs.com
>>>> >> >> Select articles and click on NT4 -v- Active Directory Trust
>>>> >> >>
>>>> >> >> -- >>>> >> >> Paul Bergson
>>>> >> >> MVP - Directory Services
>>>> >> >> MCT, MCSE, MCSA, Security+, BS CSci
>>>> >> >> 2003, 2000 (Early Achiever), NT
>>>> >> >>
>>>> >> >> http://www.pbbergs.com
>>>> >> >>
>>>> >> >> Please no e-mails, any questions should be posted in the
>>>> >> >> NewsGroup
>>>> >> >> This posting is provided "AS IS" with no warranties, and >>>> >> >> confers
>>>> >> >> no
>>>> >> >> rights.
>>>> >> >>
>>>> >> >> "Eng" <Eng@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> >> >> news:9DD4123F-CA92-4087-BB2B-F05EDEDA9DB6@xxxxxxxxxxxxxxxx
>>>> >> >> > Hi Paul,
>>>> >> >> >
>>>> >> >> > Thank you for your reply.
>>>> >> >> >
>>>> >> >> > I had followed the instruction from the website that you
>>>> >> >> > provide but
>>>> >> >> > still
>>>> >> >> > no luck. I still getting the same error message "The Local
>>>> >> >> > Security
>>>> >> >> > Authority
>>>> >> >> > is unable to obtain an ROC connection from the domain
>>>> >> >> > controller
>>>> >> >> > DC1.target.local. Please check that the name can be resolved
>>>> >> >> > and
>>>> >> >> > that
>>>> >> >> > the
>>>> >> >> > server is available" .
>>>> >> >> >
>>>> >> >> > I had verify that the RPC services is running and the name >>>> >> >> > can
>>>> >> >> > be
>>>> >> >> > resolve
>>>> >> >> > on
>>>> >> >> > each domain.
>>>> >> >> >
>>>> >> >> > My source and target domain currently sitting on the same
>>>> >> >> > subnet. I
>>>> >> >> > don't
>>>> >> >> > think this is a problem right? correct me if i am wrong.
>>>> >> >> >
>>>> >> >> > Is there any other way that I can try/ do to resolve my >>>> >> >> > issue?
>>>> >> >> >
>>>> >> >> > Thank you
>>>> >> >> >
>>>> >> >> > Eng
>>>> >> >> >
>>>> >> >> > "Paul Bergson [MVP-DS]" wrote:
>>>> >> >> >
>>>> >> >> >> I'm unclear as to what you have setup for dns. For now try
>>>> >> >> >> setting
>>>> >> >> >> up
>>>> >> >> >> a
>>>> >> >> >> secondary of each others primary and see if you have any >>>> >> >> >> luck.
>>>> >> >> >>
>>>> >> >> >> Secondary
.
- References:
- Re: Not able to establish trust with another window 2003 domain
- From: Paul Bergson [MVP-DS]
- Re: Not able to establish trust with another window 2003 domain
- From: Eng
- Re: Not able to establish trust with another window 2003 domain
- From: Paul Bergson [MVP-DS]
- Re: Not able to establish trust with another window 2003 domain
- From: Eng
- Re: Not able to establish trust with another window 2003 domain
- From: Paul Bergson [MVP-DS]
- Re: Not able to establish trust with another window 2003 domain
- From: Jorge Silva
- Re: Not able to establish trust with another window 2003 domain
- From: Jorge Silva
- Re: Not able to establish trust with another window 2003 domain
- From: Eng
- Re: Not able to establish trust with another window 2003 domain
- Prev by Date: Re: Test Domain
- Next by Date: Re: mandatory active desktop background
- Previous by thread: Re: Not able to establish trust with another window 2003 domain
- Next by thread: Re: Not able to establish trust with another window 2003 domain
- Index(es):
Relevant Pages
|
