Re: Trust Issues
- From: v-rebc@xxxxxxxxxxxxxxxxxxxx ("Rebecca Chen [MSFT]")
- Date: Mon, 04 Jul 2005 10:24:02 GMT
Hi Gabe,

Thanks for the update!

I understand both DCs are in the same subnet and there is no firewall
between them; however, I am not sure how CPQTEAM acts and whether it has a
similar function that blocks the port. This is the reason I confirmed with you.
I apologize for any confusion.

This issue does look a little weird. I would like to confirm: are you
able to successfully add a win2k3 domain account to the win2k domain? In
other words, if you share a folder in the win2k domain, are you able to select
the win2k3 domain and add an account on the folder's Security tab? If you share a
folder in the win2k3 domain, are you able to select the win2k domain and add
an account on the folder's Security tab?

I ask these questions to find out whether the trust has been successfully
established and the only issue is that you receive the error message when
validating this trust, or the trust has not been successfully established at
all.

On the other hand, I will do more research on this issue and post back if
I find anything.

Thank you for your patience!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>Subject: Re: Trust Issues
>Date: Fri, 1 Jul 2005 09:33:54 -0500
>
>Rebecca,
>
>In my email to you, I stated that the servers are on the same subnet. There
>is no firewall between them. There appear to be no name resolution problems
>between them.
>
>
>
>"Rebecca Chen [MSFT]" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:<m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>...
>> Hi Gabe,
>>
>> I have received three files.
>>
>> Based on my research, this issue only occurs when win2k validates the trust
>> to win2k3; win2k3 validates to win2k successfully. Therefore, it is
>> probably caused by ports blocked by a firewall.
>>
>> Through the MPSReport, I have found you installed CPQTEAM, which is a
>> network application. I am not sure if it is a kind of firewall; however,
>> please check it and the Windows firewall to see if port 445 and port 137 are
>> opened. I have seen a similar issue where the root cause was that the two ports
>> were deleted, so the network package could not be returned to the win2k server.
>>
>> Please open the port to check the status and post back if there is any
>> update.
>>
>> Good luck!
>>
>> Best regards,
>>
>> Rebecca Chen
>>
>> --------------------
>> >From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>> >Subject: Re: Trust Issues
>> >Date: Thu, 30 Jun 2005 08:56:19 -0500
>> >
>> >Thanks, Rebecca.
>> >
>> >In my first post I mentioned that I put entries in both LMHOSTS files.
>> >Everything is in all CAPS, and after making the LMHOSTS entry, I ran
>> >nbtstat -R and nbtstat -c...everything looks right.
>> >
>> >I'll email the image, but anyone else can see it here:
>> >http://www.gabeknuth.com/trusterr.bmp
>> >
>> >Thanks,
>> >Gabe
>> >
>> >"Rebecca Chen [MSFT]" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> >news:n%23V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxxxxx
>> >> Hi Gabe,
>> >>
>> >> I agree with Todd that this message is misleading; it is probably a name
>> >> resolution issue. My experience is that the LMHOSTS entry is very important.
>> >> I have taken a long time to get an NT and win2k3 trust to work after carefully
>> >> adding the LMHOSTS entry, since the entry has very strict requirements. I
>> >> understand you have added the entry in the LMHOSTS file; however, please
>> >> re-check that the entry looks like the following:
>> >>
>> >> 10.0.0.1 PDCNAME #PRE #DOM:DOMAIN-NAME
>> >> 10.0.0.1 "DOMAIN-NAME    \0x1b" #PRE
>> >>
>> >> Note The domain name in this entry is case sensitive. Make sure that you
>> >> use uppercase characters for the domain name. If you use lowercase
>> >> characters for the domain name, NetBT does not recognize the name.
>> >>
>> >> Note Make sure that you space these entries correctly. Replace 10.0.0.1
>> >> with the IP address of your primary domain controller (PDC). Replace
>> >> PDCName with the NetBIOS name of your PDC, and replace domain with your
>> >> Windows NT domain name. There must be a total of 20 characters within the
>> >> quotations (the domain name plus the appropriate number of spaces to pad up
>> >> to 15 characters, plus the backslash, plus the NetBIOS hex representation
>> >> of the service type).
>> >>
>> >>
>> >> After correctly keying in the entry, the issue was gone on my side. With this
>> >> entry, you can successfully ping through to the destination server without DNS
>> >> and WINS servers, since the DC will use this entry to find the destination
>> >> server. For more details, please refer to the following article:
>> >>
>> >> 180094 How to write an LMHOSTS file for domain validation
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;180094
>> >>
>> >> If the issue persists, please help me gather the following information:
>> >> 1. Take a screenshot of the error and send it to v-rebc@xxxxxxxxxxxxx for
>> >> research.
>> >> 2. Refer to the following steps to run MPSReport on BOTH the source DC and
>> >> the destination DC, send me the MPSReport and let me know which one is the
>> >> source, which one is the destination and when the error occurs:
>> >>
>> >> Please download the MPS report tool from the following link and send the
>> >> result (CAB) file to me. This log file can help me clarify the computer
>> >> configuration.
>> >>
>> >> <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_SETUPPerf.EXE>
>> >>
>> >> a. Double click this file to run it.
>> >> b. After that, please go to C:\windows\MPSReports\Setup\Reports\Cab.
>> >> c. Find a file named [COMPUTERNAME]_MPSReports.CAB
>> >> d. Send this cab file to me at v-rebc@xxxxxxxxxxxxx
>> >>
>> >> Any update, let's get in touch!
>> >>
>> >> Best regards,
>> >>
>> >> Rebecca Chen
>> >>
>> >> --------------------
>> >>>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>> >>>Subject: Re: Trust Issues
>> >>>Date: Wed, 29 Jun 2005 15:38:45 -0500
>> >>>
>> >>>Unfortunately (or fortunately), it's not SP1.
>> >>>
>> >>>Thanks for the try...
>> >>>
>> >>>"Doug Sherman [MVP]" <dsherman@xxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >>>news:eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxxxxx
>> >>>>I have not encountered this error in the context of trusts.
>> >>>> However, if the Win 2003 DC is running SP1, see this:
>> >>>>
>> >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;895085
>> >>>>
>> >>>> Doug Sherman
>> >>>> MCSE, MCSA, MCP+I, MVP
>> >>>>
>> >>>> "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx> wrote in message
>> >>>> news:#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
>> >>>>> All,
>> >>>>>
>> >>>>> I'm trying to set up a two-way external trust between a Windows 2000 AD
>> >>>>> and a Windows 2003 AD.
>> >>>>>
>> >>>>> From the 2003 side, I can set up the trust just fine and verify outgoing.
>> >>>>> On the 2000 side, I can create the trust, but when I verify it, I receive
>> >>>>> the following error:
>> >>>>>
>> >>>>> "Information from the primary domain controller for the domain werner.com
>> >>>>> cannot be obtained because: the RPC server is unavailable. Make sure that
>> >>>>> the PDC is operating properly and then try again."
>> >>>>>
>> >>>>> I've been through this forum a dozen times so far. I've found posts that
>> >>>>> suggest pinging the domain names (which works), adding entries to the
>> >>>>> LMHOSTS file (which I did), making sure the RPC service is running (it is),
>> >>>>> and adding the trusted domain as a secondary DNS zone on each domain
>> >>>>> (also done), but none of them has worked.
>> >>>>>
>> >>>>> Can anyone think of anything else?
>> >>>>>
>> >>>>> Thanks,
>> >>>>> Gabe
>> >>>>> gknuth at werner dot com
>> >>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>
>> >
>> >
>> >
>>
>
>
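
An added example, not part of the original thread: a small Python checker for the LMHOSTS rules quoted above (uppercase domain name, the `#PRE` keyword, and a quoted name of exactly 20 characters ending in `\0x1b`). The function names, IP addresses and domain names are constructed for illustration.

```python
import re

# Constructed sample LMHOSTS content; addresses and names are placeholders.
SAMPLE = '''\
10.0.0.1 PDCNAME #PRE #DOM:DOMAIN-NAME
10.0.0.1 "DOMAIN-NAME    \\0x1b" #PRE
10.0.0.2 OTHERPDC #PRE #DOM:other
10.0.0.2 "OTHER \\0x1b" #PRE
'''

QUOTED = re.compile(r'^(\S+)\s+"([^"]*)"\s*(.*)$')   # ip "name" keywords
PLAIN = re.compile(r'^(\S+)\s+(\S+)\s*(.*)$')        # ip name keywords
SUFFIX = "\\0x1b"                                    # backslash + hex service type


def make_1b_entry(ip, domain):
    """Build the quoted line: domain padded to 15 characters, then the suffix."""
    name = domain.upper()
    if len(name) > 15:
        raise ValueError("NetBIOS domain name longer than 15 characters")
    return f'{ip} "{name.ljust(15)}{SUFFIX}" #PRE'


def check_lmhosts(text):
    """Return (line_number, problem) pairs for the rules stated in the post."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank line or comment
        m = QUOTED.match(line)
        if m:
            quoted, tail = m.group(2), m.group(3)
            has_suffix = quoted.lower().endswith(SUFFIX)
            body = quoted[:-len(SUFFIX)] if has_suffix else quoted
            if len(quoted) != 20:
                problems.append((n, f"quoted name is {len(quoted)} characters, expected 20"))
            elif not has_suffix:
                problems.append((n, "quoted name does not end in \\0x1b"))
            if body != body.upper():
                problems.append((n, "domain name is not uppercase"))
        else:
            m = PLAIN.match(line)
            if not m:
                continue
            tail = m.group(3)
            dom = re.search(r"#DOM:(\S+)", tail)
            if dom and dom.group(1) != dom.group(1).upper():
                problems.append((n, "domain name after #DOM: is not uppercase"))
        if "#PRE" not in tail.split():
            problems.append((n, "missing #PRE keyword"))
    return problems
```

Running `check_lmhosts` over the sample flags line 3 (lowercase name after `#DOM:`) and line 4 (quoted name too short), while lines built with `make_1b_entry` pass.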