Re: Trust Issues
- From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
- Date: Fri, 1 Jul 2005 09:33:54 -0500
Rebecca,
In my email to you, I stated that the servers are on the same subnet. There
is no firewall between them. There appear to be no name resolution problems
between them.
""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:<m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>...
> Hi Gabe,
>
> I have received three files.
>
> Based on my reseach, since this issue only occur when win2k validate trust
> to win2k3, it is sucessfully that win2k3 vallidate to win2k. Therefore,
> probably, it is caused by the ports blocked by firewall.
>
> Throught the MPSreport, I have found you installed CPQTEAM, which is a
> network application. I am not sure if it is a kind of firewall, however,
> please check it and the windows firwall if port 445 and port 137 are
> opened. I have seen a similar issue and the root cuase is two ports are
> deleted and cause the network package cannot be returned to win2k server.
>
> Please open the port to check the status and post back if there is any
> update.
>
> Good luck!
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
> >From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
> >References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
> <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
> <n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> >Subject: Re: Trust Issues
> >Date: Thu, 30 Jun 2005 08:56:19 -0500
> >Lines: 167
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >X-RFC2646: Format=Flowed; Original
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >Message-ID: <eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
> >Newsgroups: microsoft.public.windows.server.general
> >NNTP-Posting-Host: 65.247.121.5
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:41231
> >X-Tomcat-NG: microsoft.public.windows.server.general
> >
> >Thanks, Rebecca.
> >
> >In my first post I mentioned that I put entries in both LMHOSTS file.
> >Everything is in all CAPS, and after making the LMHOSTS entry, I ran
> >nbtstat -R and nbtstat -c...everything looks right.
> >
> >I'll email the image, but anyone else can see it here:
> >http://www.gabeknuth.com/trusterr.bmp
> >
> >Thanks,
> >Gabe
> >
> >""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
> >news:n%23V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxxxxx
> >> Hi Gabe ,
> >>
> >> I agree with Todd that this message is misleading, probably, it is a
> >> name
> >> resolution issue. My expereince is that lmhost entry is very important.
> >> I
> >> have taken long time to get NT and win2k3 trust work after carefullly
> >> adding the lmhost host entry since the entry has very strict
> requirement.
> >> I
> >> understand you have added the entry in lmhost file, however, please
> >> re-check the entry like follows:
> >>
> >> 10.0.0.1 PDCNAME #PRE #DOM:DOMAIN-NAME
> >> 10.0.0.1 "DOMAIN-NAME \0x1b" #PRE
> >>
> >> Note The domain name in this entry is case sensitive. Make sure that
> >> you
> >> use uppercase characters for the domain name. If you use lowercase
> >> characters for the domain name, NetBT does not recognize the name.
> >>
> >> Note Make sure that you space these entries correctly. Replace 10.0.0.1
> >> with the IP address of your primary domain controller (PDC). Replace
> >> PDCName with the NetBIOS name of your PDC, and replace domain with your
> >> Windows NT domain name. There must be a total of 20 characters within
> >> the
> >> quotations (the domain name plus the appropriate number of spaces to
> >> pad
> >> up
> >> to 15 characters, plus the backslash, plus the NetBIOS hex
> >> representation
> >> of the service type).
> >>
> >>
> >> After correctly key in the entry, the issue is gone at my side. With
> >> this
> >> entry, you can sucessfully ping throught the desitnation server without
> >> DNS
> >> and WINS server since the DC will this entry to find the destination
> >> server. Fore more details, please refer to the following article:
> >>
> >> 180094 How to write an LMHOSTS file for domain validation
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;180094
> >>
> >> If the issue persists, please help me gather the folloiwng
> >> information:
> >> 1. Take a screen shot of the error and send it to v-rebc@xxxxxxxxxxxxx
> for
> >> research.
> >> 2. Refer to the following steps to run MPSReport on BOTH source DC and
> >> desination DC, send me the MPSReport and let me know which one is the
> >> source, which one is the desitination and when the error occurs:
> >>
> >> please download the MPS report tool from the following link and send
> >> the
> >> result (CAB) file to me. This log file can help me clarify the computer
> >> configuration.
> >>
> >>
> <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
> >> 915706/MPSRPT_SETUPPerf.EXE>
> >>
> >> a. Double click this file to run it.
> >> b. After that, please go to
> C:\windows\MPSReports\Setup\Reports\Cab
> >> .
> >> c. Find a file named [COMPUTERNAME]_MPSReports.CAB
> >> d. Send this cab file to me at v-rebc@xxxxxxxxxxxxx
> >>
> >> Any udpate, let's get in touch!
> >>
> >> Best regards,
> >>
> >> Rebecca Chen
> >>
> >> MCSE2000 MCDBA CCNA
> >>
> >>
> >> Microsoft Online Partner Support
> >> Get Secure! - www.microsoft.com/security
> >>
> >> =====================================================
> >>
> >> When responding to posts, please "Reply to Group" via your newsreader
> >> so
> >> that others may learn and benefit from your issue.
> >>
> >> =====================================================
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >> --------------------
> >>>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
> >>>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
> >> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
> >>>Subject: Re: Trust Issues
> >>>Date: Wed, 29 Jun 2005 15:38:45 -0500
> >>>Lines: 49
> >>>X-Priority: 3
> >>>X-MSMail-Priority: Normal
> >>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >>>X-RFC2646: Format=Flowed; Original
> >>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >>>Message-ID: <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
> >>>Newsgroups: microsoft.public.windows.server.general
> >>>NNTP-Posting-Host: 65.247.121.5
> >>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> >>>Xref: TK2MSFTNGXA01.phx.gbl
> >>>microsoft.public.windows.server.general:41162
> >>>X-Tomcat-NG: microsoft.public.windows.server.general
> >>>
> >>>Unfortunately (or fortunately), it's not SP1 .
> >>>
> >>>Thanks for the try...
> >>>
> >>>"Doug Sherman [MVP]" <dsherman@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> >>>news:eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxxxxx
> >>>>I have not encountered this error in the context of trusts.
> >>>> However, if the Win 2003 DC is running SP1, see this:
> >>>>
> >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;895085
> >>>>
> >>>> Doug Sherman
> >>>> MCSE, MCSA, MCP+I, MVP
> >>>>
> >>>> "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx> wrote in message
> >>>> news:#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
> >>>>> All,
> >>>>>
> >>>>> I'm trying to set up a two-way external trust between a Windows 2000
> AD
> >>>> and
> >>>>> a Windows 2003 AD.
> >>>>>
> >>>>> From the 2003 side, I can set up the trust just fine and verify
> >> outgoing.
> >>>>> On the 2000 side, I can create the trust, but when I verify it, I
> >> receive
> >>>>> the following error:
> >>>>>
> >>>>> "Information from the primary domain controller for the domain
> >> werner.com
> >>>>> cannot be obtained because: the RPC server is unavailable. Make
> >>>>> sure
> >>>>> that
> >>>>> the PDC is operating properly and then try again."
> >>>>>
> >>>>> I've been through this forum a dozen times so far. I've found posts
> >> that
> >>>>> suggest pinging the domain names (which works), adding entries to
> >>>>> the
> >>>>> LMHOSTS file (which I did), making sure the RPC service is running
> >>>>> (it
> >>>> is),
> >>>>> and adding the trusted domain as a secondary DNS zone to on each
> domain
> >>>>> (also done), but none of them has worked.
> >>>>>
> >>>>> Can anyone think of anything else?
> >>>>>
> >>>>> Thanks,
> >>>>> Gabe
> >>>>> gknuth at werner dot com
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >
> >
> >
>
.
- Follow-Ups:
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- References:
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- Prev by Date: Addendum
- Next by Date: Re: Help! Make Windows recgonize folder as EFS encrypted
- Previous by thread: Re: Trust Issues
- Next by thread: Re: Trust Issues
- Index(es):
Relevant Pages
|
