RE: Trust between two Forests Fail
- From: John Kolodziejski <JohnKolodziejski@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Feb 2007 09:25:11 -0800
Ok, we have an answer.
Once WINS was corrected, both sides could see each other, but Company was
being challenged by a logon box every time they tried to create or verify
the trust.
After deep research of the SMB signing, we saw that the Reg Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\
needed to match on both servers on both sides of the trust.
Our server and their server did not match, so we changed Company A's server to
match Company B's server.
Change enablesecuritysignature=1 to 0.
Also, a Policy had to be changed so the setting would not be constantly
changed back.
Once both sides matched, Company B was no longer challenged by a logon box.
Trust was created on their side and verified on both sides and everything
worked fine.
Microsoft, you should make note of this!!!!!!
"John Kolodziejski" wrote:
I work for a company that has just been purchased by another company. As per
Microsoft Technet “When to create a Forest Trust” a Forest trust fits our
situation perfectly. We are attempting to create a Forest-level two-way trust.
We have run the complete checklist “Checklist: Creating a forest trust”.
Both companies are running only Windows 2003 Servers. Both Domain and Forest
Functional Levels are set to the highest Level. Company A is running all
services under Windows Active Directory (DNS, WINS and so on), Company B is
not running DNS under Windows Active Directory. They are using Linux. We have
set up secondary zones in each DNS name space and we have established Zone
transfers between our two DNS Servers. A DNS lookup does work for both sides.
When company A tries to complete a Forest Level Trust, the trust Wizard
works, and the trust is completed and shows on both active directories, but
when a “Validate” is done on “Incoming” and “Outgoing” we receive an error.
“The Trust cannot be validated for the following reasons: The outgoing trust
was successfully validated. Secure channel (SC) reset on Domain Controller
\\x.companyBdomain.com of domain companyB.com to domain companyA.com failed
with error. There are currently no logon servers available to service the
logon request.”
When company B tries to complete the trust wizard, they enter in our
company’s domain name, and they get an error, “Domain not found”.
We have searched all over and only came up with a KB document that applies to
Windows NT 4 and earlier.
Can anyone point us to a resolution of our problem?
Thanks,
John
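
Added example, not part of the original post or any Microsoft tooling: a PowerShell check that reads the SMB signing values from the lanmanserver\parameters key on the domain controllers at each end of a trust and reports whether they match. The host names are placeholders, and requiresecuritysignature is the companion value in the same key, included here as an assumption that it is also worth comparing.

```powershell
# Added example: compare SMB server signing values on two domain controllers.
# Host names below are placeholders (assumptions), not values from the post.
param(
    [string[]]$ComputerName = @('dc1.companyA.example', 'dc1.companyB.example')
)

$subKey = 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
# enablesecuritysignature is the value named in the post; requiresecuritysignature
# is the companion value in the same key (added here, not mentioned in the post).
$valueNames = 'enablesecuritysignature', 'requiresecuritysignature'

$results = foreach ($computer in $ComputerName) {
    $row = [ordered]@{ Computer = $computer }
    try {
        # Needs the Remote Registry service and admin rights on the target.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
        $key = $hklm.OpenSubKey($subKey)
        foreach ($name in $valueNames) {
            # GetValue returns $null when the value is absent.
            $value = if ($key) { $key.GetValue($name) } else { $null }
            $row[$name] = if ($null -eq $value) { 'not set' } else { [int]$value }
        }
        if ($key) { $key.Close() }
        $hklm.Close()
    }
    catch {
        # Record the failure per host instead of aborting the comparison.
        foreach ($name in $valueNames) { $row[$name] = 'unreadable' }
        Write-Warning "$computer : $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize

# Flag any value that is not identical on every host queried.
foreach ($name in $valueNames) {
    $distinct = @($results | Select-Object -ExpandProperty $name -Unique)
    if ($distinct.Count -gt 1) {
        Write-Output "MISMATCH: $name differs across $($ComputerName -join ', ')"
    } else {
        Write-Output "OK: $name is '$($distinct[0])' on all hosts"
    }
}
```

A value that keeps reverting after a manual change points to the Group Policy setting mentioned in the post; the script only reports the effective registry state and does not change anything.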