Re: Trust between two Forests Fail
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 16 Feb 2007 10:55:31 -0600
"John Kolodziejski" <JohnKolodziejski@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:8D5C7A9E-5056-42CF-8E8E-E88D45F47815@xxxxxxxxxxxxxxxx
"Herb Martin" wrote:
"John Kolodziejski" <JohnKolodziejski@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:9E07DD53-03F7-4832-98A9-7A087257D04A@xxxxxxxxxxxxxxxx
We are making progress. WINS AND DNS are working. WINS is Replicating on both sides. We are a Forward Look Up Zone in their Windows DNS and They are in ours.
CONDITIONAL I hope. Never set two DNS Server sets to forward
unconditionally to each other -- it causes infinite loops and server
crashes.
Yes
I can now validate both sides of the Trust on our DC, and the response is "THE trust has been validated. It is in place and active"
If they try to do the same from their side, they are still prompted with a sign on box. No matter what user name and password they put in, the log on fails.
Username would include DOMAIN, there Domain\Username form or another
one that is equivalent.
When we do it on our side to theirs we do not enter the Domain\User, just the user, and it works. Why would it not work in reverse? Also, if the log on box says "Enter a user with permissions to administer Trust for the other Domain", wouldn't it automatically validate against the other domain?
It is possible that the name is being used on the "wrong" AD, or even the
server/workstation if not working from a DC, unless it is SPECIFIED.
Also, I have tried entering aaa\user and aaa.aaa.aaa\user from their side and it still does not work.
Generally use the NetBIOSName\User, or the USER@xxxxxxxxx
If they click on "Save As" the file with details about the status of names associated with this trust on their side, it reflects the appropriate information as compared to the same file on our side.
Either the other user isn't an Admin or isn't properly authenticating over there -- or their domain isn't properly sending the credentials to your domain.
Exactly, their domain isn't properly sending the credentials to our domain.
How do we verify this or find out why their domain isn't properly sending the credentials to our domain? If we can fix this, I think the problem will be solved.
First, I would retrace both the DNS and WINS manually, again and again once more.
Double check that EVERY DC (and if you use a non-DC to run the test it
too) is able to follow that DNS/WINS AND that it is replicated (DCDiag
and RepAdmin).
Are you working from "the DC" or another machine on the side that doesn't
work? If not from the DC (where authentication would be mandatory) then
triple check that the machine is AUTHENTICATING in the domain that
doesn't work (from that side), and that the user is ALSO authenticating.
Set LogonServer
NLTest etc.
Desperate, I might put a netmon/sniffer on the line in each direction and see the difference, but this is going to be very difficult to analyze -- I think I COULD do it, but I wouldn't be sure until I succeeded.
I can access their Active Directory from my side and can modify users (using Administrative Tools, "Active Directory Users and Computers", "Connect to a Domain"). They can see my Active Directory using the same process in reverse, but they cannot do anything, everything is grayed out.
Have you given them PERMISSIONS (really made their admin a member of
your Domain Admins group)?
YES, he can Remote Desktop to one of our servers, log in with his user name for our domain and administer our servers.
Login with the same (full) user name as he uses on his own domain?
Domain\User?
If so, the trust from you to them works.
What happens if you try the other direction, same test?
I feel the last problem we are having is clearing the problem of why they are being prompted with the log on box.
Truthfully, I am not sure exactly when and where the prompt is occurring.
Does anyone have any ideas of what the problem may be?
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
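
The re-checks suggested in the reply above (DNS resolution from every DC, secure-channel verification with NLTest, and which DC authenticated the session), as an added PowerShell example that is not part of the original thread. `theirs.example` is a placeholder for the other forest's DNS name; the script assumes every local DC also runs the DNS service, that nltest.exe and nslookup.exe are installed, and that their output is in English.

```powershell
# Added example, not from the original thread.
# Run as a domain admin on the side where trust validation prompts for credentials.
# ASSUMPTIONS: 'theirs.example' is a placeholder for the other forest's DNS name;
# every local DC runs DNS; nltest.exe and nslookup.exe are on the PATH (English output).
param([string]$RemoteDomain = 'theirs.example')

# Which domain and DC authenticated this session (what "set logonserver" shows).
"Session: user domain = $env:USERDOMAIN, logon server = $env:LOGONSERVER"

$local = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$srv   = "_ldap._tcp.dc._msdcs.$RemoteDomain"   # DC locator record of the other side

$report = foreach ($dc in $local.DomainControllers) {
    # 1. Can this DC's own DNS service resolve the other forest's DC locator record?
    #    nslookup's exit code is unreliable, so the output text is inspected instead.
    $dns   = & nslookup.exe '-type=SRV' $srv $dc.Name 2>&1 | Out-String
    $dnsOk = $dns -match 'SRV service location'

    # 2. Does this DC hold a working secure channel to the trusted domain?
    $sc     = & nltest.exe "/server:$($dc.Name)" "/sc_verify:$RemoteDomain" 2>&1 | Out-String
    $scOk   = $sc -match 'Trust Verification Status\s*=\s*0\s+0x0'
    $status = ($sc -split "`r?`n" | Where-Object { $_ -match 'Status' }) -join '; '

    [pscustomobject]@{
        DC            = $dc.Name
        ResolvesPeer  = $dnsOk
        SecureChannel = $scOk
        NltestStatus  = $status.Trim()
    }
}

$report | Format-Table -AutoSize -Wrap

# Any DC listed here is a candidate for the side that "isn't properly sending
# the credentials": fix its DNS path or secure channel before re-validating the trust.
$bad = $report | Where-Object { -not ($_.ResolvesPeer -and $_.SecureChannel) }
if ($bad) { "DCs needing attention: " + (($bad | ForEach-Object { $_.DC }) -join ', ') }
else      { "All DCs resolve $RemoteDomain and verify the secure channel." }
```

Running it on both sides and comparing the two tables shows whether the failing direction is tied to a particular DC rather than to the trust object itself.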