Re: Trust Issues
- From: v-rebc@xxxxxxxxxxxxxxxxxxxx ("Rebecca Chen [MSFT]")
- Date: Thu, 07 Jul 2005 10:08:26 GMT
Hi Gabe,
I understand. The reason I have asked for MPSreport is going to see many
configuraitons including the networking; however, using Virtual machine is
a very good idea for test purpost but not for troubleshooting at some times
since it is hard to determine if the VMWare image, VMware options or other
cause.
I understand you have call the phone support to contiune to work on this
issue. I believe others will get benifits if you would post back the
resolution.
On other hand, if this issue could be reproduced on the real machine, you
are welcome to continue work here in the newsgroup.
Thank you for your understanding.
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
<eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
<OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
<n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
<eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
<m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
<uqUvJokfFHA.3164@xxxxxxxxxxxxxxxxxxxx>
<zx86BKIgFHA.1184@xxxxxxxxxxxxxxxxxxxxx>
<EgBOlZIgFHA.940@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Trust Issues
>Date: Wed, 6 Jul 2005 10:20:36 -0500
>Lines: 442
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <e#zbm5jgFHA.3616@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.general
>NNTP-Posting-Host: 65.247.121.5
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:41775
>X-Tomcat-NG: microsoft.public.windows.server.general
>
>I put them in the VM to see if I could recreate them and not affect my
>production environment. It is the same exact problem in the lab. I'm not
>about to put my production environment at risk if I can recreate so
>faithfully in a non-production setting. I could just as easily run the
>report utility on the production server and still work on any solutions in
>the lab. I could load it on VirtualPC or Virtual Server too. You'd have
>the same information.
>
>Also, the CPQTEAM is simply the NIC teaming software for the HP server
that
>the production DC runs on. It is not configured, and is not having an
>effect on the problem.
>
>We can go ahead and kill this thread. I'm just going to call support.
>
>""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:EgBOlZIgFHA.940@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi Gabe,
>>
>> I have found the following founds:
>>
>> 1. One thing is incorrect in the system log on win2k3 DC, please check
the
>> system time on win2k3 DC, it goes to 2006 year. Please correct the date
>> and
>> the time, restart the machine to check the status.
>>
>> 2. These two systems are the virtual machine in VMware. Unfortunately,
>> VMware virtual machine is not supported in this newsgroup since we lack
of
>> resource about the how Vmware works and this issue may be related to the
>> VMware configuration.
>>
>> Please build up two real machine in the network to check if the same
>> issue
>> occurs. If the same issue occur, I am glad to contiune to work on with
>> this
>> issue.
>>
>> Thank you for your understanding!
>>
>>
>>
>> Best regards,
>>
>> Rebecca Chen
>>
>> MCSE2000 MCDBA CCNA
>>
>>
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>>
>> =====================================================
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>X-Tomcat-ID: 151901727
>>>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
>> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
>> <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
>> <n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
>> <eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
>> <m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
>> <uqUvJokfFHA.3164@xxxxxxxxxxxxxxxxxxxx>
>>>MIME-Version: 1.0
>>>Content-Type: text/plain
>>>Content-Transfer-Encoding: 7bit
>>>From: v-rebc@xxxxxxxxxxxxxxxxxxxx ("Rebecca Chen [MSFT]")
>>>Organization: Microsoft
>>>Date: Mon, 04 Jul 2005 10:24:02 GMT
>>>Subject: Re: Trust Issues
>>>X-Tomcat-NG: microsoft.public.windows.server.general
>>>Message-ID: <zx86BKIgFHA.1184@xxxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.general
>>>Lines: 299
>>>Path: TK2MSFTNGXA01.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:41597
>>>NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
>>>
>>>Hi Gabe,
>>>
>>>Thanks for the update!
>>>
>>>I understand both of two DCs in the same subnet and there is no firewall
>>>between them, however, I am not sure how the CPQTEAM acts and if it has
>>>similiar function to block the port. This is the reason I confirm with
>> you.
>>>I apologize for any confusion.
>>>
>>>This issue does like a little wierd. I would like to confirm that are you
>>>able to sccuessfullly add win2k3 domain account to the win2k domain? In
>>>other words, if you share a folder in win2k domain, are you able to
select
>>>win2k3 domain and add account to the folder Security tab? If you share a
>>>folder in win2k3 domain, are you able to select win2k domain and add
>>>account to the folder Security tab?
>>>
>>>I ask these questions intend to know if the trust has been sucessfully
>>>establish and the only issue is you receveid the error message when
>>>validate this trust; or the trust has not been succussfully established
at
>>>all.
>>>
>>>On other hand, I will perform more resaerch on this issue and post back
if
>>>I have any found.
>>>
>>>Thank you for your patience!
>>>
>>>Best regards,
>>>
>>>Rebecca Chen
>>>
>>>MCSE2000 MCDBA CCNA
>>>
>>>
>>>Microsoft Online Partner Support
>>>Get Secure! - www.microsoft.com/security
>>>
>>>=====================================================
>>>
>>>When responding to posts, please "Reply to Group" via your newsreader so
>>>that others may learn and benefit from your issue.
>>>
>>>=====================================================
>>>This posting is provided "AS IS" with no warranties, and confers no
>>>rights.
>>>
>>>--------------------
>>>>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>>>>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
>>><eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
>>><OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
>>><n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
>>><eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
>>><m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
>>>>Subject: Re: Trust Issues
>>>>Date: Fri, 1 Jul 2005 09:33:54 -0500
>>>>Lines: 259
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>X-RFC2646: Format=Flowed; Original
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>Message-ID: <uqUvJokfFHA.3164@xxxxxxxxxxxxxxxxxxxx>
>>>>Newsgroups: microsoft.public.windows.server.general
>>>>NNTP-Posting-Host: 65.247.121.5
>>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>>>>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.general:41405
>>>>X-Tomcat-NG: microsoft.public.windows.server.general
>>>>
>>>>Rebecca,
>>>>
>>>>In my email to you, I stated that the servers are on the same subnet.
>>>There
>>>>is no firewall between them. There appear to be no name resolution
>>>problems
>>>>between them.
>>>>
>>>>
>>>>
>>>>""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>news:<m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>...
>>>>> Hi Gabe,
>>>>>
>>>>> I have received three files.
>>>>>
>>>>> Based on my reseach, since this issue only occur when win2k validate
>>>trust
>>>>> to win2k3, it is sucessfully that win2k3 vallidate to win2k.
Therefore,
>>>>> probably, it is caused by the ports blocked by firewall.
>>>>>
>>>>> Throught the MPSreport, I have found you installed CPQTEAM, which is
a
>>>>> network application. I am not sure if it is a kind of firewall,
>>>>> however,
>>>>> please check it and the windows firwall if port 445 and port 137 are
>>>>> opened. I have seen a similar issue and the root cuase is two ports
are
>>>>> deleted and cause the network package cannot be returned to win2k
>> server.
>>>>>
>>>>> Please open the port to check the status and post back if there is any
>>>>> update.
>>>>>
>>>>> Good luck!
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Rebecca Chen
>>>>>
>>>>> MCSE2000 MCDBA CCNA
>>>>>
>>>>>
>>>>> Microsoft Online Partner Support
>>>>> Get Secure! - www.microsoft.com/security
>>>>>
>>>>> =====================================================
>>>>>
>>>>> When responding to posts, please "Reply to Group" via your newsreader
>>>>> so
>>>>> that others may learn and benefit from your issue.
>>>>>
>>>>> =====================================================
>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>> rights.
>>>>>
>>>>> --------------------
>>>>> >From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>>>>> >References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
>>>>> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
>>>>> <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
>>>>> <n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
>>>>> >Subject: Re: Trust Issues
>>>>> >Date: Thu, 30 Jun 2005 08:56:19 -0500
>>>>> >Lines: 167
>>>>> >X-Priority: 3
>>>>> >X-MSMail-Priority: Normal
>>>>> >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>> >X-RFC2646: Format=Flowed; Original
>>>>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>> >Message-ID: <eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
>>>>> >Newsgroups: microsoft.public.windows.server.general
>>>>> >NNTP-Posting-Host: 65.247.121.5
>>>>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>>> >Xref: TK2MSFTNGXA01.phx.gbl
>>>microsoft.public.windows.server.general:41231
>>>>> >X-Tomcat-NG: microsoft.public.windows.server.general
>>>>> >
>>>>> >Thanks, Rebecca.
>>>>> >
>>>>> >In my first post I mentioned that I put entries in both LMHOSTS file.
>>>>> >Everything is in all CAPS, and after making the LMHOSTS entry, I ran
>>>>> >nbtstat -R and nbtstat -c...everything looks right.
>>>>> >
>>>>> >I'll email the image, but anyone else can see it here:
>>>>> >http://www.gabeknuth.com/trusterr.bmp
>>>>> >
>>>>> >Thanks,
>>>>> >Gabe
>>>>> >
>>>>> >""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in
message
>>>>> >news:n%23V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxxxxx
>>>>> >> Hi Gabe ,
>>>>> >>
>>>>> >> I agree with Todd that this message is misleading, probably, it is
a
>>>>> >> name
>>>>> >> resolution issue. My expereince is that lmhost entry is very
>>>important.
>>>>> >> I
>>>>> >> have taken long time to get NT and win2k3 trust work after
>>>>> >> carefullly
>>>>> >> adding the lmhost host entry since the entry has very strict
>>>>> requirement.
>>>>> >> I
>>>>> >> understand you have added the entry in lmhost file, however, please
>>>>> >> re-check the entry like follows:
>>>>> >>
>>>>> >> 10.0.0.1 PDCNAME #PRE #DOM:DOMAIN-NAME
>>>>> >> 10.0.0.1 "DOMAIN-NAME \0x1b" #PRE
>>>>> >>
>>>>> >> Note The domain name in this entry is case sensitive. Make sure
that
>>>>> >> you
>>>>> >> use uppercase characters for the domain name. If you use lowercase
>>>>> >> characters for the domain name, NetBT does not recognize the name.
>>>>> >>
>>>>> >> Note Make sure that you space these entries correctly. Replace
>>>10.0.0.1
>>>>> >> with the IP address of your primary domain controller (PDC).
Replace
>>>>> >> PDCName with the NetBIOS name of your PDC, and replace domain with
>>>your
>>>>> >> Windows NT domain name. There must be a total of 20 characters
>> within
>>>>> >> the
>>>>> >> quotations (the domain name plus the appropriate number of spaces
to
>>>>> >> pad
>>>>> >> up
>>>>> >> to 15 characters, plus the backslash, plus the NetBIOS hex
>>>>> >> representation
>>>>> >> of the service type).
>>>>> >>
>>>>> >>
>>>>> >> After correctly key in the entry, the issue is gone at my side.
With
>>>>> >> this
>>>>> >> entry, you can sucessfully ping throught the desitnation server
>>>without
>>>>> >> DNS
>>>>> >> and WINS server since the DC will this entry to find the
destination
>>>>> >> server. Fore more details, please refer to the following article:
>>>>> >>
>>>>> >> 180094 How to write an LMHOSTS file for domain validation
>>>>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;180094
>>>>> >>
>>>>> >> If the issue persists, please help me gather the folloiwng
>>>>> >> information:
>>>>> >> 1. Take a screen shot of the error and send it to
>> v-rebc@xxxxxxxxxxxxx
>>>>> for
>>>>> >> research.
>>>>> >> 2. Refer to the following steps to run MPSReport on BOTH source DC
>> and
>>>>> >> desination DC, send me the MPSReport and let me know which one is
>>>>> >> the
>>>>> >> source, which one is the desitination and when the error occurs:
>>>>> >>
>>>>> >> please download the MPS report tool from the following link and
send
>>>>> >> the
>>>>> >> result (CAB) file to me. This log file can help me clarify the
>>>computer
>>>>> >> configuration.
>>>>> >>
>>>>> >>
>>>>>
>>><http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b
0b
>> d
>>>>> >> 915706/MPSRPT_SETUPPerf.EXE>
>>>>> >>
>>>>> >> a. Double click this file to run it.
>>>>> >> b. After that, please go to
>>>>> C:\windows\MPSReports\Setup\Reports\Cab
>>>>> >> .
>>>>> >> c. Find a file named [COMPUTERNAME]_MPSReports.CAB
>>>>> >> d. Send this cab file to me at v-rebc@xxxxxxxxxxxxx
>>>>> >>
>>>>> >> Any udpate, let's get in touch!
>>>>> >>
>>>>> >> Best regards,
>>>>> >>
>>>>> >> Rebecca Chen
>>>>> >>
>>>>> >> MCSE2000 MCDBA CCNA
>>>>> >>
>>>>> >>
>>>>> >> Microsoft Online Partner Support
>>>>> >> Get Secure! - www.microsoft.com/security
>>>>> >>
>>>>> >> =====================================================
>>>>> >>
>>>>> >> When responding to posts, please "Reply to Group" via your
>> newsreader
>>>>> >> so
>>>>> >> that others may learn and benefit from your issue.
>>>>> >>
>>>>> >> =====================================================
>>>>> >> This posting is provided "AS IS" with no warranties, and confers no
>>>>> >> rights.
>>>>> >>
>>>>> >> --------------------
>>>>> >>>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>>>>> >>>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
>>>>> >> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
>>>>> >>>Subject: Re: Trust Issues
>>>>> >>>Date: Wed, 29 Jun 2005 15:38:45 -0500
>>>>> >>>Lines: 49
>>>>> >>>X-Priority: 3
>>>>> >>>X-MSMail-Priority: Normal
>>>>> >>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>> >>>X-RFC2646: Format=Flowed; Original
>>>>> >>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>> >>>Message-ID: <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
>>>>> >>>Newsgroups: microsoft.public.windows.server.general
>>>>> >>>NNTP-Posting-Host: 65.247.121.5
>>>>> >>>Path:
>>>>> >>>TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>>>>> >>>Xref: TK2MSFTNGXA01.phx.gbl
>>>>> >>>microsoft.public.windows.server.general:41162
>>>>> >>>X-Tomcat-NG: microsoft.public.windows.server.general
>>>>> >>>
>>>>> >>>Unfortunately (or fortunately), it's not SP1 .
>>>>> >>>
>>>>> >>>Thanks for the try...
>>>>> >>>
>>>>> >>>"Doug Sherman [MVP]" <dsherman@xxxxxxxxxxxxxxxxxxxxx> wrote in
>> message
>>>>> >>>news:eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> >>>>I have not encountered this error in the context of trusts.
>>>>> >>>> However, if the Win 2003 DC is running SP1, see this:
>>>>> >>>>
>>>>> >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;895085
>>>>> >>>>
>>>>> >>>> Doug Sherman
>>>>> >>>> MCSE, MCSA, MCP+I, MVP
>>>>> >>>>
>>>>> >>>> "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx> wrote in message
>>>>> >>>> news:#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> >>>>> All,
>>>>> >>>>>
>>>>> >>>>> I'm trying to set up a two-way external trust between a Windows
>>>2000
>>>>> AD
>>>>> >>>> and
>>>>> >>>>> a Windows 2003 AD.
>>>>> >>>>>
>>>>> >>>>> From the 2003 side, I can set up the trust just fine and verify
>>>>> >> outgoing.
>>>>> >>>>> On the 2000 side, I can create the trust, but when I verify it,
I
>>>>> >> receive
>>>>> >>>>> the following error:
>>>>> >>>>>
>>>>> >>>>> "Information from the primary domain controller for the domain
>>>>> >> werner.com
>>>>> >>>>> cannot be obtained because: the RPC server is unavailable. Make
>>>>> >>>>> sure
>>>>> >>>>> that
>>>>> >>>>> the PDC is operating properly and then try again."
>>>>> >>>>>
>>>>> >>>>> I've been through this forum a dozen times so far. I've found
>>>posts
>>>>> >> that
>>>>> >>>>> suggest pinging the domain names (which works), adding entries
to
>>>>> >>>>> the
>>>>> >>>>> LMHOSTS file (which I did), making sure the RPC service is
>> running
>>>>> >>>>> (it
>>>>> >>>> is),
>>>>> >>>>> and adding the trusted domain as a secondary DNS zone to on each
>>>>> domain
>>>>> >>>>> (also done), but none of them has worked.
>>>>> >>>>>
>>>>> >>>>> Can anyone think of anything else?
>>>>> >>>>>
>>>>> >>>>> Thanks,
>>>>> >>>>> Gabe
>>>>> >>>>> gknuth at werner dot com
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>
>>>>> >>>>
>>>>> >>>
>>>>> >>>
>>>>> >>>
>>>>> >>
>>>>> >
>>>>> >
>>>>> >
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
>
.
- Follow-Ups:
- Re: Trust Issues
- From: Cristina Boero S.
- Re: Trust Issues
- References:
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- From: Gabe Knuth
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- From: Gabe Knuth
- Re: Trust Issues
- Prev by Date: performance logs and alerts through Terminal session.
- Next by Date: Re: Import users from tab delimited file
- Previous by thread: Re: Trust Issues
- Next by thread: Re: Trust Issues
- Index(es):
Relevant Pages
|
