RE: Trust Relationships problem nt4->2003
- From: v-amanwa@xxxxxxxxxxxxxxxxxxxx (Amanda Wang [MSFT])
- Date: Tue, 10 May 2005 09:09:07 GMT
Hello,
Thanks for your update.
After adding an host IP entry on the lmhost file on the NT4 server and when
adding a trust in the NT4 server to trust the new 2003 domain, you still
get the "could not find domain controller for this domain" error.
I have performed more research on this issue and found that Windows NT 4.0
Service Pack 3 and in a hotfix for Windows NT 3.51 have a registry setting
that permits administrators to restrict the ability for anonymous logon
users (also known as NULL session connections) to list account names and
enumerate share names. This registry setting also restricts a trusting
domain from establishing a connection to the trusted primary domain
controller to establish a trust relationship. I think it maybe is the root
cause.
You can try to perform the following steps to resolve the issue:
WARNING: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using
Registry Editor incorrectly. Use Registry Editor at your own risk. Set the
RestrictAnonymous value to 0 in the registry, or remove the value to
establish the trust.
1. Open Registry Editor.
2. Locate the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
3. Click to select the following value:
RestrictAnonymous
4. On the Edit menu, click DWORD, and then change the data (value) to 0, as
indicated in the following information:
Value Name: RestrictAnonymous
Data Type: REG_DWORD
Value: 0
5. Exit Registry Editor, and then restart the computer for the change to
take effect.
HTH! If there is anything unclear, please feel free to post back.
Thanks & Regards
Amanda Wang [MSFT]
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================================
--------------------
>Thread-Topic: Trust Relationships problem nt4->2003
>thread-index: AcVUh486MP5T3KbJQoKh0V8XeMGR8A==
>X-WBNR-Posting-Host: 212.179.59.106
>From: "=?Utf-8?B?157Xmden15k=?=" <@discussions.microsoft.com>
>References: <8AC3C08C-F19B-4C5F-989B-E566AA5FFA22@xxxxxxxxxxxxx>
<8vuc45FVFHA.3928@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Trust Relationships problem nt4->2003
>Date: Mon, 9 May 2005 04:09:25 -0700
>Lines: 140
>Message-ID: <A9E0FEE4-CFFC-4FBF-BEED-13E860643226@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.migration
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.migration:10077
>X-Tomcat-NG: microsoft.public.windows.server.migration
>
>Hi Amanda
>I have a problem to add a trust in the Nt4 server to trust the new 2003
domain
>
>I add an host ip entry on the lmhost file on the nt4 server
>and still I get an >"could not find domain controller for this domain"
>
>what am I doing wrong ????
>
>
>
>
>
>
>"Amanda Wang [MSFT]" wrote:
>
>> Hello,
>>
>> Thanks for posting.
>>
>> My understanding on this issue is that when adding NT to the trusted
>> domains field, you get an error message like: "could not find domain
>> controller for this domain". If I have misunderstood, please feel free
to
>> let me know.
>>
>> Based on my research, the cause should be that if the 1b (domain master
>> browser) and 1c (domain controller) NetBIOS names for the PDC in the
>> trusted domain are not registered in the Windows Internet Naming Service
>> (WINS). This can occur when the WINS servers in the two domains do not
>> replicate to each other.
>>
>> We can try to establish the trust with lmhosts files. Modify the
Lmhosts
>> file that contains the 1b and 1c entries for the PDC of the trusted
domain:
>>
>> 1. In a text editor (such as Notepad), open the Lmhosts file located in
the
>> %SystemRoot%\System32\drivers\etc folder.
>>
>> 2. Add the following lines to the Lmhosts file, using the name of the
>> trusted domain, the Internet Protocol (IP) address, and the NetBIOS name
of
>> the PDC in the trusted domain, as indicated in the following example:
>>
>> 10.0.0.1 PDCName #PRE #DOM:DomainName
>> 10.0.0.1 "DOMAINNAME \0x1b" #PRE
>>
>>
>> o Replace 10.0.0.1 in the example with the IP address of the PDC in the
>> trusted domain.
>>
>> o Replace the PDCName with the NetBIOS name of the trusted domain PDC.
When
>> you specify the NetBIOS suffix (the sixteenth character), the spacing
>> between the quotation marks is critical. There must be a total of 20
>> characters within the quotation marks (the domain name plus the
appropriate
>> number of spaces to pad up to 15 characters plus the backslash (\) plus
the
>> NetBIOS hex representation of the service type).
>>
>> o Replace DomainName with the Windows NT 4.0 domain name of the trusted
>> domain.
>>
>> 3. Save the changes to the Lmhosts file.
>>
>> 4. Specify the use of the Lmhosts file:
>>
>> a. In Control Panel, double-click Network.
>> b. Click the Protocols tab.
>> c. In the Network Protocols box, click TCP/IP Protocol, and then click
>> Properties.
>> d. In the WINS Address tab, click the Enable LMHOSTS Lookup check box,
and
>> then click OK.
>>
>> 5. Click Yes when you are prompted to restart your computer.
>>
>> HTH!
>>
>> Thanks & Regards
>>
>> Amanda Wang [MSFT]
>>
>> Microsoft Online Partner Support
>>
>> Get Secure! - www.microsoft.com/security
>>
>> ====================================================================
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> =====================================================================
>>
>> --------------------
>> >Thread-Topic: Trust Relationships problem nt4->2003
>> >thread-index: AcVT2mxuSbw4Yt/6SPGllbTKD2FMog==
>> >X-WBNR-Posting-Host: 212.179.59.106
>> >From: "=?Utf-8?B?157Xmden15k=?=" <@discussions.microsoft.com>
>> >Subject: Trust Relationships problem nt4->2003
>> >Date: Sun, 8 May 2005 07:30:03 -0700
>> >Lines: 24
>> >Message-ID: <8AC3C08C-F19B-4C5F-989B-E566AA5FFA22@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.windows.server.migration
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:10062
>> >X-Tomcat-NG: microsoft.public.windows.server.migration
>> >
>> >I am doing the admt2 migration nt4 sp6 to win2003
>> >
>> >in order to use the admt2 tool
>> >I need to make a trust between the two domain
>> >
>> >I am doing the trust like it says in MS site
>>
>http://www.microsoft.com/technet/community/events/windows2003srv/tnt1-79.ms
>> px
>> >(there is a video how to do it) can't go wrong
>> >
>> >
>> >
>> >But when I am going to the NT4 sp6 and adding in the trusted domains
field
>> >I get an error message
>> >"could not find domain controller for this domain"
>> >
>> >Under the trusted domains field
>> >There is a trusting domains -->I add there the new win2003 domain and
it
>> is
>> >finding
>> >It with out a problem
>> >
>> >
>> >Why can't the nt4 find the 2003 new domain in the trusted domains field?
>> >
>> >
>> >
>>
>>
>
.
- References:
- RE: Trust Relationships problem nt4->2003
- From: Amanda Wang [MSFT]
- RE: Trust Relationships problem nt4->2003
- Prev by Date: RE: Boot device error 0x0000007B+0xf789e63c
- Next by Date: RE: upgrading/migrating 2000 domain to 2003
- Previous by thread: RE: Trust Relationships problem nt4->2003
- Next by thread: RE: Trust Relationships problem nt4->2003
- Index(es):
Relevant Pages
|
