Re: Trust Issues
- From: "Cristina Boero S." <Cristina Boero S.@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 7 Jul 2005 10:28:01 -0700
Hello!! I´m the same issue, the same error, but, I have Windows 2003 AD in
both sides, with SP1. In my case, I have a great production domain and I have
set 2 additional domains for 2 new little areas. I set a two way external
trust with the other new domain, and it can set, but i cannot validate it on
any of two DC of the great production domain. I can view users of the other
domain to set permissions in shared folders, but, I can´t set permissions to
sharepoint and Project Server (Those servers belong to the great domain)...
Last week. I set a one way external trust between the great domain and one
of the new domains and it works fine! The only difference between 2 new
little domains is that one DC (where trust works) doesn´t have W2K3 SP1.
I didn´t add any trusted domain as a secondary DNS zone, but I set DNS
forwarders. All Servers are in the same subnet and I can ping all DC-names
(dns and netbios name) in all sides. The great domain is compatible with
pre-2000 OS, but the 2 new domains not. The primary DC of the great domain is
a HP Itanium II (64 bits), the same error of Gabe appear in this DC. The
other DC ask for an administrator account in order to validate the trust, but
never doesn´t accept the user/password that I provide (it´s the correct
user/password).
Please, help me, Rebeca! I couldn´t image that the new trust wouldn´t work,
and the three domains are in production...
""Rebecca Chen [MSFT]"" wrote:
> Hi Gabe,
>
> I understand. The reason I have asked for MPSreport is going to see many
> configuraitons including the networking; however, using Virtual machine is
> a very good idea for test purpost but not for troubleshooting at some times
> since it is hard to determine if the VMWare image, VMware options or other
> cause.
>
> I understand you have call the phone support to contiune to work on this
> issue. I believe others will get benifits if you would post back the
> resolution.
>
> On other hand, if this issue could be reproduced on the real machine, you
> are welcome to continue work here in the newsgroup.
>
> Thank you for your understanding.
>
> Best regards,
>
> Rebecca Chen
>
> MCSE2000 MCDBA CCNA
>
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
>
> =====================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> >From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
> >References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
> <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
> <n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> <eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
> <m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
> <uqUvJokfFHA.3164@xxxxxxxxxxxxxxxxxxxx>
> <zx86BKIgFHA.1184@xxxxxxxxxxxxxxxxxxxxx>
> <EgBOlZIgFHA.940@xxxxxxxxxxxxxxxxxxxxx>
> >Subject: Re: Trust Issues
> >Date: Wed, 6 Jul 2005 10:20:36 -0500
> >Lines: 442
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >X-RFC2646: Format=Flowed; Original
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >Message-ID: <e#zbm5jgFHA.3616@xxxxxxxxxxxxxxxxxxxx>
> >Newsgroups: microsoft.public.windows.server.general
> >NNTP-Posting-Host: 65.247.121.5
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:41775
> >X-Tomcat-NG: microsoft.public.windows.server.general
> >
> >I put them in the VM to see if I could recreate them and not affect my
> >production environment. It is the same exact problem in the lab. I'm not
> >about to put my production environment at risk if I can recreate so
> >faithfully in a non-production setting. I could just as easily run the
> >report utility on the production server and still work on any solutions in
> >the lab. I could load it on VirtualPC or Virtual Server too. You'd have
> >the same information.
> >
> >Also, the CPQTEAM is simply the NIC teaming software for the HP server
> that
> >the production DC runs on. It is not configured, and is not having an
> >effect on the problem.
> >
> >We can go ahead and kill this thread. I'm just going to call support.
> >
> >""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
> >news:EgBOlZIgFHA.940@xxxxxxxxxxxxxxxxxxxxxxxx
> >> Hi Gabe,
> >>
> >> I have found the following founds:
> >>
> >> 1. One thing is incorrect in the system log on win2k3 DC, please check
> the
> >> system time on win2k3 DC, it goes to 2006 year. Please correct the date
> >> and
> >> the time, restart the machine to check the status.
> >>
> >> 2. These two systems are the virtual machine in VMware. Unfortunately,
> >> VMware virtual machine is not supported in this newsgroup since we lack
> of
> >> resource about the how Vmware works and this issue may be related to the
> >> VMware configuration.
> >>
> >> Please build up two real machine in the network to check if the same
> >> issue
> >> occurs. If the same issue occur, I am glad to contiune to work on with
> >> this
> >> issue.
> >>
> >> Thank you for your understanding!
> >>
> >>
> >>
> >> Best regards,
> >>
> >> Rebecca Chen
> >>
> >> MCSE2000 MCDBA CCNA
> >>
> >>
> >> Microsoft Online Partner Support
> >> Get Secure! - www.microsoft.com/security
> >>
> >> =====================================================
> >>
> >> When responding to posts, please "Reply to Group" via your newsreader so
> >> that others may learn and benefit from your issue.
> >>
> >> =====================================================
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >> --------------------
> >>>X-Tomcat-ID: 151901727
> >>>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
> >> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
> >> <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
> >> <n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> >> <eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
> >> <m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
> >> <uqUvJokfFHA.3164@xxxxxxxxxxxxxxxxxxxx>
> >>>MIME-Version: 1.0
> >>>Content-Type: text/plain
> >>>Content-Transfer-Encoding: 7bit
> >>>From: v-rebc@xxxxxxxxxxxxxxxxxxxx ("Rebecca Chen [MSFT]")
> >>>Organization: Microsoft
> >>>Date: Mon, 04 Jul 2005 10:24:02 GMT
> >>>Subject: Re: Trust Issues
> >>>X-Tomcat-NG: microsoft.public.windows.server.general
> >>>Message-ID: <zx86BKIgFHA.1184@xxxxxxxxxxxxxxxxxxxxx>
> >>>Newsgroups: microsoft.public.windows.server.general
> >>>Lines: 299
> >>>Path: TK2MSFTNGXA01.phx.gbl
> >>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:41597
> >>>NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
> >>>
> >>>Hi Gabe,
> >>>
> >>>Thanks for the update!
> >>>
> >>>I understand both of two DCs in the same subnet and there is no firewall
> >>>between them, however, I am not sure how the CPQTEAM acts and if it has
> >>>similiar function to block the port. This is the reason I confirm with
> >> you.
> >>>I apologize for any confusion.
> >>>
> >>>This issue does like a little wierd. I would like to confirm that are you
> >>>able to sccuessfullly add win2k3 domain account to the win2k domain? In
> >>>other words, if you share a folder in win2k domain, are you able to
> select
> >>>win2k3 domain and add account to the folder Security tab? If you share a
> >>>folder in win2k3 domain, are you able to select win2k domain and add
> >>>account to the folder Security tab?
> >>>
> >>>I ask these questions intend to know if the trust has been sucessfully
> >>>establish and the only issue is you receveid the error message when
> >>>validate this trust; or the trust has not been succussfully established
> at
> >>>all.
> >>>
> >>>On other hand, I will perform more resaerch on this issue and post back
> if
> >>>I have any found.
> >>>
> >>>Thank you for your patience!
> >>>
> >>>Best regards,
> >>>
> >>>Rebecca Chen
> >>>
> >>>MCSE2000 MCDBA CCNA
> >>>
> >>>
> >>>Microsoft Online Partner Support
> >>>Get Secure! - www.microsoft.com/security
> >>>
> >>>=====================================================
> >>>
> >>>When responding to posts, please "Reply to Group" via your newsreader so
> >>>that others may learn and benefit from your issue.
> >>>
> >>>=====================================================
> >>>This posting is provided "AS IS" with no warranties, and confers no
> >>>rights.
> >>>
> >>>--------------------
> >>>>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
> >>>>References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
> >>><eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
> >>><OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
> >>><n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> >>><eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
> >>><m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>
> >>>>Subject: Re: Trust Issues
> >>>>Date: Fri, 1 Jul 2005 09:33:54 -0500
> >>>>Lines: 259
> >>>>X-Priority: 3
> >>>>X-MSMail-Priority: Normal
> >>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >>>>X-RFC2646: Format=Flowed; Original
> >>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >>>>Message-ID: <uqUvJokfFHA.3164@xxxxxxxxxxxxxxxxxxxx>
> >>>>Newsgroups: microsoft.public.windows.server.general
> >>>>NNTP-Posting-Host: 65.247.121.5
> >>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
> >>>>Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windows.server.general:41405
> >>>>X-Tomcat-NG: microsoft.public.windows.server.general
> >>>>
> >>>>Rebecca,
> >>>>
> >>>>In my email to you, I stated that the servers are on the same subnet.
> >>>There
> >>>>is no firewall between them. There appear to be no name resolution
> >>>problems
> >>>>between them.
> >>>>
> >>>>
> >>>>
> >>>>""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
> >>>>news:<m40pFuifFHA.1336@xxxxxxxxxxxxxxxxxxxxx>...
> >>>>> Hi Gabe,
> >>>>>
> >>>>> I have received three files.
> >>>>>
> >>>>> Based on my reseach, since this issue only occur when win2k validate
> >>>trust
> >>>>> to win2k3, it is sucessfully that win2k3 vallidate to win2k.
> Therefore,
> >>>>> probably, it is caused by the ports blocked by firewall.
> >>>>>
> >>>>> Throught the MPSreport, I have found you installed CPQTEAM, which is
> a
> >>>>> network application. I am not sure if it is a kind of firewall,
> >>>>> however,
> >>>>> please check it and the windows firwall if port 445 and port 137 are
> >>>>> opened. I have seen a similar issue and the root cuase is two ports
> are
> >>>>> deleted and cause the network package cannot be returned to win2k
> >> server.
> >>>>>
> >>>>> Please open the port to check the status and post back if there is any
> >>>>> update.
> >>>>>
> >>>>> Good luck!
> >>>>>
> >>>>> Best regards,
> >>>>>
> >>>>> Rebecca Chen
> >>>>>
> >>>>> MCSE2000 MCDBA CCNA
> >>>>>
> >>>>>
> >>>>> Microsoft Online Partner Support
> >>>>> Get Secure! - www.microsoft.com/security
> >>>>>
> >>>>> =====================================================
> >>>>>
> >>>>> When responding to posts, please "Reply to Group" via your newsreader
> >>>>> so
> >>>>> that others may learn and benefit from your issue.
> >>>>>
> >>>>> =====================================================
> >>>>> This posting is provided "AS IS" with no warranties, and confers no
> >>>>> rights.
> >>>>>
> >>>>> --------------------
> >>>>> >From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
> >>>>> >References: <#F9Ur0NfFHA.3916@xxxxxxxxxxxxxxxxxxxx>
> >>>>> <eEIKYjOfFHA.2424@xxxxxxxxxxxxxxxxxxxx>
> >>>>> <OJvQsqOfFHA.3304@xxxxxxxxxxxxxxxxxxxx>
> >>>>> <n#V1pFUfFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> >>>>> >Subject: Re: Trust Issues
> >>>>> >Date: Thu, 30 Jun 2005 08:56:19 -0500
> >>>>> >Lines: 167
> >>>>> >X-Priority: 3
> >>>>> >X-MSMail-Priority: Normal
> >>>>> >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >>>>> >X-RFC2646: Format=Flowed; Original
> >>>>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >>>>> >Message-ID: <eXGAguXfFHA.3460@xxxxxxxxxxxxxxxxxxxx>
> >>>>> >Newsgroups: microsoft.public.windows.server.general
> >>>>> >NNTP-Posting-Host: 65.247.121.5
> >>>>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> >>>>> >Xref: TK2MSFTNGXA01.phx.gbl
> >>>microsoft.public.windows.server.general:41231
> >>>>> >X-Tomcat-NG: microsoft.public.windows.server.general
> >>>>> >
> >>>>> >Thanks, Rebecca.
.
- References:
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- From: Gabe Knuth
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- From: Gabe Knuth
- Re: Trust Issues
- From: "Rebecca Chen [MSFT]"
- Re: Trust Issues
- Prev by Date: RE: How to disable PAE in Windows 2K3 SP1.
- Next by Date: Windows Backup won't start
- Previous by thread: Re: Trust Issues
- Next by thread: RE: How does Shadow Copies for Shared Folders handle file deletion?
- Index(es):
Relevant Pages
|
