FIXED ** Re: nt - 2003 trust: Extended Error message


From: Dave (Dave_at_discussions.microsoft.com)
Date: 03/04/05


Date: Fri, 4 Mar 2005 08:11:11 -0800

Ok, I finally got this fixed. When creating my trust on 2003, I was choosing
ALLOW AUTHENTICATION ONLY FOR SELECTED RESOURCES IN THE LOCAL DOMAIN instead
of for ALL RESOURCES. Even though I gave correct permissions after creating
the trust, it apparently didn't like that option. So I recreated the trust
choosing the option ALLOW AUTHENTICATION FOR ALL RESOURCES IN THE LOCAL
DOMAIN and it's working!!!
Thanks for your help,
dave

"Dave" wrote:

> Ok, maybe it's not my security settings....
>
> I built a new bdc in my NT Imaging domain, put it on a test network and
> promoted it to a PDC.
>
> Then I built a new 2003 DC and put it on the test network.
>
> I installed DNS and Wins on the 2003 DC and pointed both servers to it.
>
> I created the trust with no problem, but I still get the "An extended error
> has occurred" when I try and access a resource from my NT server to the 2003
> server.
> So it's got to be something I'm doing, but I don't know what. I've done
> this before with no problems.
>
>
>
>
> "Dave" wrote:
>
> > On a side note...
> > My auditors have had me make numerous changes on our NT DCs for security
> > purposes. For example, I have enabled PASSFILT.DLL, I had to add the
> > RestrictAnonymous registry key, etc...
> >
> > I have a feeling this is related, but I do have a trust from my Imaging
> > domain that works to a Windows 2000 domain. It is only the new 2003 domain
> > that is not working.
> >
> > If you need more detail of my registry settings, let me know.
> >
> >
> >
> > "Dave" wrote:
> >
> > > Thanks for your help! Ok, here's the setup. My NT domain is called Imaging.
> > > My 2003 domain is called RBCINT.COM. My two domains are in the same
> > > building, but on separate subnets. There is no firewall between. I am not
> > > using any workstations, but only the domain controllers to test. My Imaging
> > > domain has one PDC, and one BDC. The PDC is named ImagingDC1, and the BDC is
> > > named Imaging DC2. I only have one DC in my 2003 domain called DC1.
> > >
> > > Both servers are pointed to the same Wins and DNS server, and I can resolve
> > > names no problems. After I set up my trust, I can also Validate it
> > > successfully from DC1.
> > >
> > > On the netdom stuff:
> > > 1. I ran Netdom Master from a workstation in the Imaging domain and had no
> > > errors.
> > > 2. On ImagingDC1, (nt server) I ran NETDOM QUERY \\DC1 and got an error:
> > > The RPC server is unavailable.
> > > 4. On DC1 (2003 server) I ran NETDOM VERIFY IMAGINGDC1 /Domain:IMAGING and
> > > got an error:
> > > The specified domain either does not exist or could not be contacted.
> > >
> > > Thanks!
> > >
> > >
> > >
> > > "Frances [MSFT]" wrote:
> > >
> > > > Hello,
> > > >
> > > > Good to hear from you.
> > > >
> > > > I understand you get event 537 when accessing resources from NT to win2k3
> > > > domain.
> > > >
> > > > Please give me more information about the domains. How are the 2 domains
> > > > connected? How many DCs in your NT domain and win2k3 domain? Do you have
> > > > > any firewalls between these locations? For clarity, let us name the
> > > > computer in win2k3 winC, the workstation you logon as NTC. Is winC a DC or
> > > > member server?
> > > >
> > > > Please do the following steps to isolate the issue.
> > > >
> > > > 1. On NTC please verify its secure channel to its domain with netdom.
> > > > Note: Netdom is OS specific so use the correct version.
> > > >
> > > > Use the command "Netdom master" to verify the secure channel.
> > > >
> > > > Refer to the following article for more information.
> > > >
> > > > 175025 How to Build and Reset a Trust Relationship from a Command Line
> > > > http://support.microsoft.com/?id=175025
> > > >
> > > > 2. Verify the PDC/BDC in NT that has the secure channel with NTC and verify
> > > > its secure channel with its own domain plus with the trusting domain.
> > > >
> > > > 3. On winC verify its secure channel to its domain with netdom.
> > > >
> > > > The command NETDOM VERIFY verifies the secure connection between a
> > > > workstation and a domain controller.
> > > >
> > > > For more information on the NETDOM syntax please see the article below:
> > > >
> > > > NetDom Syntax
> > > > > http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/NetDom_syntax.asp
> > > >
> > > > 4. Verify the DC in win2k3 domain that has the secure channel with winC and
> > > > verify its secure channel with its own domain plus with the trusting
> > > > domain.
> > > > If winC is a DC itself, you can skip this step.
> > > >
> > > > Please tell me the results. I am looking forward to your reply.
> > > >
> > > > Best regards,
> > > >
> > > > Frances He
> > > >
> > > >
> > > > Microsoft Online Partner Support
> > > > Get Secure! - www.microsoft.com/security
> > > >
> > > > =====================================================
> > > >
> > > > When responding to posts, please "Reply to Group" via your newsreader so
> > > > that others may learn and benefit from your issue.
> > > >
> > > > =====================================================
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > >
> > > >


