RE: Windows 2000 to Windows 2003 Domain-Trust Issue
- From: v-rebc@xxxxxxxxxxxxxxxxxxxx ("Rebecca Chen [MSFT]")
- Date: Fri, 15 Jul 2005 10:38:54 GMT
Yes., according to the error message, you need to change the registry to
turn off the SMB siging.
Please refer to the following article below:
You cannot open file shares or Group Policy snap-ins when you disable SMB
signing for the Workstation or Server service on a domain controller
http://support.microsoft.com/?id=839499
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Windows 2000 to Windows 2003 Domain-Trust Issue
>thread-index: AcWIana/UWOD1PVaSuS9QshsAqlv5A==
>X-WBNR-Posting-Host: 20.139.67.50
>From: =?Utf-8?B?TmFuZGFu?= <Nandan@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <4FC2B7A6-4533-408E-A926-A12DE4E2D5D5@xxxxxxxxxxxxx>
<$mhC#n6hFHA.944@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Windows 2000 to Windows 2003 Domain-Trust Issue
>Date: Thu, 14 Jul 2005 04:52:09 -0700
>Lines: 142
>Message-ID: <13B88AB7-5B8B-49D9-8C6E-331A61890FFA@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.migration
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.migration:11249
>X-Tomcat-NG: microsoft.public.windows.server.migration
>
>We do not have any firewall in between. all the ports are open for
>communication. I have added the LMHOSTS entry . When I try to create the
>trust from GUI it ask for the username and passord for windows 2000 when I
>give username /password (DA rights) it says access denied. and trust
>creation fails.
>
>While mapping the c$ drive of the source w2k DC, its gives error "The
>account is not authorized to log in from this workstation" though there is
no
>restriction imposed on the account, and acoount has domain admin reights
on
>windows 200 domain.
>
>Same question does the registry entries mentioned in first reply are
>required..?
>
>Kindly suggest.
>
>best regards
>Nandan
>""Rebecca Chen [MSFT]"" wrote:
>
>> I have seen this issue before and the prossible cause is the firewall on
>> win2k3 DC. Is it possible to turn off the firewall? If not, please check
if
>> the following ports are opened on each sites for the trust:
>>
>> +=================+=============+=====================================+
>> | Client Port(s) | Server Port | Service |
>> +=================+=============+=====================================+
>> | 1024-65535/TCP | 135/TCP | RPC * |
>> +=================+=============+=====================================+
>> | 137/UDP | 137/UDP | NetBIOS Name |
>> +=================+=============+=====================================+
>> | 138/UDP | 138/UDP | NetBIOS Netlogon and
>> Browsing |
>> +=================+=============+=====================================+
>> | 1024-65535/TCP | 139/TCP | NetBIOS Session |
>> +=================+=============+=====================================+
>> | 1024-65535/TCP | 42/TCP | WINS Replication |
>> +=================+=============+=====================================+
>>
>> Please double check to ensure that the lmhosts file are correct.. In
>> addition, refer to the following article to use the netdom command to
build
>> the trust:
>>
>> 175025:How to Build and Reset a Trust Relationship from a Command Line
>> http://support.microsoft.com/?id=175025
>>
>>
>> The folloiwng article is also very important to add entry in lmhost:
>> How to Write an LMHOSTS File for Domain Validation and Other Name
>> Resolution Issues
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;180094
>>
>>
>> If you still cannot set up trust with the netdom command, please let me
>> know the detailed error that you get.
>>
>> Best regards,
>>
>> Rebecca Chen
>>
>> MCSE2000 MCDBA CCNA
>>
>>
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>>
>> =====================================================
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>> --------------------
>> >Thread-Topic: Windows 2000 to Windows 2003 Domain-Trust Issue
>> >thread-index: AcWHa+sT/mEs7wRvRnKBQ3Jt5MMSgA==
>> >X-WBNR-Posting-Host: 203.192.213.247
>> >From: =?Utf-8?B?TmFuZGFu?= <Nandan@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >Subject: Windows 2000 to Windows 2003 Domain-Trust Issue
>> >Date: Tue, 12 Jul 2005 22:30:02 -0700
>> >Lines: 36
>> >Message-ID: <4FC2B7A6-4533-408E-A926-A12DE4E2D5D5@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.windows.server.migration
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.migration:11207
>> >X-Tomcat-NG: microsoft.public.windows.server.migration
>> >
>> > Hi,
>> >
>> >We are planning to migrate users/groups/computers from 3 windows 2000
>> native
>> >mode domains to windows 2003 domain.
>> >
>> >1. I Installed w2k3 domain.
>> >2. Tried to estabish the trust but faced issues.
>> >from windows 2000 to windows 2003 trust works fine. but from windows
2003
>> to
>> >2000, during trust verification using GUI it gives error RPC server not
>> >available for source domain.
>> >Do we have modify windows 2000 registry entries like we did for
WinNT4.0.?
>>
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecurit
>> ySignature - 1
>>
HKLM\System\CurrentControlSet\Services\LanManworkstation\Parameters\EnableSe
>> curitySignature- 1
>> >HKLM\System\CurrentControlSet\control\LSA\LMCompatibilityLevel--3.
>> >
>> >Windows 2000 source domain is callcentre.com.
>> >Windows 2003 destination domain is asiapac.corp.net.
>> >
>> >Both source and destination domain controllers are pointing to common
WINS
>> >but they have seaprate DNS server, no forwarders for either zone.In
short
>> no
>> >DNS connectivity in-between them.
>> >
>> >How to verify the trust from command line. How to troubleshoot trust
issue.
>> >
>> >We have other NT domains which we have migrated sucessfully with above
>> >registry entries. I am bit concerns adding these entries in Windows
2000
>> >production server.
>> >
>> >Request to clarify do we require the registre entries in Windows 2000.
>> >
>> >Best regards,
>> >Nandan Aswal
>> >
>> >
>> >
>> >
>> >
>>
>>
>
.
- References:
- Windows 2000 to Windows 2003 Domain-Trust Issue
- From: Nandan
- RE: Windows 2000 to Windows 2003 Domain-Trust Issue
- From: "Rebecca Chen [MSFT]"
- RE: Windows 2000 to Windows 2003 Domain-Trust Issue
- From: Nandan
- Windows 2000 to Windows 2003 Domain-Trust Issue
- Prev by Date: RE: adding 2003 server in a Windows 2000 AD
- Next by Date: Re: Add or modify ACL on folder after using FSMT
- Previous by thread: RE: Windows 2000 to Windows 2003 Domain-Trust Issue
- Next by thread: adding 2003 server in a Windows 2000 AD
- Index(es):
Relevant Pages
|
