RE: trust between windows nt 4.0 and windows 2003 domain
- From: v-xuwen@xxxxxxxxxxxxxxxxxxxx (Vincent Xu [MSFT])
- Date: Fri, 14 Apr 2006 08:09:13 GMT
Hi,
we can try to create a one way trust via netdom trust, used /verbose switch
to get diagnostic info and saw the following:
netdom trust /d:"Trusted Domain name" "Trusting Domain name"\"user name"
/pd:* /verbose (without quotation mark)
and let me know the detail results.
Thanks.
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
<JaroSterbikLamina@xxxxxxxxxxxxxxxxxxxxxxxxx>Thread-Topic: trust between windows nt 4.0 and windows 2003 domain
thread-index: AcZfGQzb2fCSgpyBQWW1hknat+bJlQ==
X-WBNR-Posting-Host: 195.62.26.120
From: =?Utf-8?B?SmFybyBTdGVyYmlrLUxhbWluYQ==?=
<crBKQ4QXGHA.4620@xxxxxxxxxxxxxxxxxxxxx>References: <7E038624-58B5-4692-B1D9-CE677D7BED7A@xxxxxxxxxxxxx>
<207B21F1-9721-4578-97C4-D6B5A10FB2CF@xxxxxxxxxxxxx>
<WpA0pPsXGHA.6000@xxxxxxxxxxxxxxxxxxxxx>
microsoft.public.windows.server.migration:23307Subject: RE: trust between windows nt 4.0 and windows 2003 domain
Date: Thu, 13 Apr 2006 09:41:02 -0700
Lines: 252
Message-ID: <A8B0C2F2-3C99-44B8-B45B-7C8854AF577C@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
getNNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Hello,
The lmhosts files should be correct. Using nbtstat at the command line I
Windowsthe right names and addresses for the NT-PDC and the domain.
I think the domain controller for the NT domain is recognized by the
For2003 server correctly, since it also lists the name in the error message.
thesome strange reason it's not possible to establish an RPC-connection to
fromWindows NT machine (according to the error msg.). The other way around,
servers...the NT-PDC to the W2k3-server it's working perfectly now.
And as I wrote I also edited the Security Policy for the W2k3 server as
described in the KB-article. So I'm kind of lost here, I can't think of
anything else which could trouble the communication between the two
Use
If you have any other ideas, pls. let me know.
Brgds,
Jaro
--
___________
Please reply to the group.
=========
Of all the things I''''ve lost, I miss my mind the most. (Ozzy Osbourne)
"Vincent Xu [MSFT]" schrieb:
Hi,
I think you need to modify the LMHost file manually.
To create a correctly formatted Lmhosts file, follow these steps: 1.
namedany text editor, such as Notepad.exe or Edit.com, to create a file
case,Lmhosts, and save it in the following folder: Microsoft Windows NT
----------
%SystemRoot%\System32\Drivers\Etc
Microsoft Windows 95
----------
C:\Windows (the folder where Windows is installed)
Microsoft Windows NT and Windows 2000
---------------------------
%SystemRoot%\System32\Drivers\Etc
Note The file name is Lmhosts, without an extension. If you use
Notepad.exe, it may automatically append the .txt extension. In this
PDCNAMEat a command prompt, you must rename the file using no extension.
2. Add the following entries to the Lmhosts file: 10.0.0.1
you#PRE #DOM:DOMAIN-NAME
10.0.0.1 "DOMAIN-NAME \0x1b" #PRE
Note The domain name in this entry is case sensitive. Make sure that
souse uppercase characters for the domain name. If you use lowercase
characters for the domain name, NetBT does not recognize the name.
How to write an Lmhosts file for domain validation and other name
resolution issues
http://support.microsoft.com/?id=180094
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader
rights.that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
file======================================================
--------------------
<JaroSterbikLamina@xxxxxxxxxxxxxxxxxxxxxxxxx>Thread-Topic: trust between windows nt 4.0 and windows 2003 domain
thread-index: AcZeTab/YRluGS4SSeazr0GTBSNAwg==
X-WBNR-Posting-Host: 195.62.26.120
From: =?Utf-8?B?SmFybyBTdGVyYmlrLUxhbWluYQ==?=
<crBKQ4QXGHA.4620@xxxxxxxxxxxxxxxxxxxxx>References: <7E038624-58B5-4692-B1D9-CE677D7BED7A@xxxxxxxxxxxxx>
microsoft.public.windows.server.migration:23290Subject: RE: trust between windows nt 4.0 and windows 2003 domain
Date: Wed, 12 Apr 2006 09:25:03 -0700
Lines: 119
Message-ID: <207B21F1-9721-4578-97C4-D6B5A10FB2CF@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
there,NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Thx Vince for the two links. I configured everything like described
but it's still not working from the 2003-side (with the same message).
The NT-PDC didn't come up with any more error messages (the lmhosts
the+
lookup solved this one).
The only point where i'm not sure are the registry settings for NT in
theyKB-article. It's recommended to check certain parameter values, but
andare
which?),not set on my NT-PDC. Should I set them to a certain value (if yes,
or should it work already like this?
Is there anything else I could try?
Thx, Jaro
--
___________
Please reply to the group.
=========
Of all the things I've lost, I miss my mind the most. (Ozzy Osbourne)
"Vincent Xu [MSFT]" schrieb:
Hi Jaro,
Regarding troubshooting the problem in building trust between NT4
cannotarticles:Windows Server 2003, I'd like to suggest you refer to following
Trust between a Windows NT domain and an Active Directory domain
newsreaderbe
established or it does not work as expected
http://support.microsoft.com/default.aspx?scid=kb;EN-US;889030
http://71.214.150.200:443/windows/articles/firewall_trust.html
Hope helps
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your
Windowsso
rights.that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
======================================================
--------------------
<JaroSterbikLamina@xxxxxxxxxxxxxxxxxxxxxxxxx>Thread-Topic: trust between windows nt 4.0 and windows 2003 domain
thread-index: AcZcszcYbJhDG36OSYO/1QeMp0xMBQ==
X-WBNR-Posting-Host: 195.62.26.120
From: =?Utf-8?B?SmFybyBTdGVyYmlrLUxhbWluYQ==?=
microsoft.public.windows.server.migration:23256Subject: trust between windows nt 4.0 and windows 2003 domain
Date: Mon, 10 Apr 2006 08:27:02 -0700
Lines: 30
Message-ID: <7E038624-58B5-4692-B1D9-CE677D7BED7A@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Hi all,
I'm trying to establish a trust relationship between our old
Trusts itNT
PDC-emulator)domain and our new Windows 2003 domain.
The theory is clear to me, the two servers (NT PDC and W2k3
can ping each other, the netbios names can be resolved...
But when I try to setup the trust in Windows AD Domains and
connectionalways
ends with the following error message:
"The Local Security Authority is unable to obtain an RPC
resolvedto
the
domain controller [SERVER-A]. Please check that the name is
running,an
can'tthe
server is available."
Where [SERVER-A] is the correct name of the NT-PDC. So I guess it
be a
problem with resolving the names. Both servers are up and
firewalland
can be
accessed via the network; no firewalls between them (W2k3
problemalso
inactive).
Any ideas what I might have missed/forgotten, or where the
Osbourne)could
be?
Thx in advance!
Rgds, Jaro
--
___________
Please reply to the group.
=========
Of all the things I''ve lost, I miss my mind the most. (Ozzy
.
- References:
- RE: trust between windows nt 4.0 and windows 2003 domain
- From: Vincent Xu [MSFT]
- RE: trust between windows nt 4.0 and windows 2003 domain
- From: Jaro Sterbik-Lamina
- RE: trust between windows nt 4.0 and windows 2003 domain
- From: Vincent Xu [MSFT]
- RE: trust between windows nt 4.0 and windows 2003 domain
- From: Jaro Sterbik-Lamina
- RE: trust between windows nt 4.0 and windows 2003 domain
- Prev by Date: Installing first AD
- Next by Date: RE: Installing first AD
- Previous by thread: RE: trust between windows nt 4.0 and windows 2003 domain
- Next by thread: RE: Migrating users from another forest
- Index(es):
Relevant Pages
|
