  • Status: Solved

Windows 2003 Server Trusts

I have set up a trust between two win 2k3 domains...I am able to browse shares and view the active directory from the trusted domain.

I do get an error "the local security authority is unable to obtain an rpc connection" when trying to connect to the domain.

Also, I am wanting to mail-enable users in one domain from the domain with the Exchange server. Is this possible?

Thanks
Asked by: rafordhargrove
 
rpartingtonCommented:
Do you have old entries in your LMHOSTS of servers that do not exist anymore, i.e. IP addresses of servers which were removed but are still sat in the LMHOSTS?

You could also add a line in your LMHOSTS file with the DOMAIN pointing to the PDC emulator from each to the reciprocal domain. If you have multiple subnets or need this available wide-spread, you may want to consider WINS to traverse NetBIOS resolution across subnets.

Also double check DNS is correct.
0
 
rafordhargroveAuthor Commented:
I don't know if there are any old entries in the LMHOSTS...I removed all of the hosts from DNS that weren't used any more and then created secondary zones on each DNS server to point to the other domain, and allowed DNS transfers between the two domains on each DNS server.

I don't have WINS enabled, but I can ping the domain controller of domain a from domain b's domain controller.

Just getting the RPC server is unavailable error.
0
 
Jay_Jay70Commented:
Hi rafordhargrove,

Can you verify the trust? What sort of trust did you set up?
0
 
rafordhargroveAuthor Commented:
When I try and verify the trust from the domain controller itself I get an error saying "Windows cannot find a domain controller for domain b. Verify the DC is available and try again"

Both DCs are up and running...When I try and verify the trust from a member server I get this error:

The secure channel (SC) reset on domain controller \\dc1.domainA.local of domain domainA.local to domain domainB.local failed with error: There are currently no logon servers available to service the logon request.

The secure channel (SC) reset on domain controller \\dc1.domainB.local of domain domainB.local to domain domainA.local failed with error: There are currently no logon servers available to service the logon request.

Not sure what's going on.

Thanks
0
 
rpartingtonCommented:
1. Make sure you have the correct password for both domains.
2. It could be a name resolution issue. Make sure you have correct DNS settings.
3. A multihomed computer as DC with DNS and WINS may cause this problem.
4. One possible cause of this error is that you have run out of buffer space in the NetBT datagram buffer.

http://www.mcse.ms/archive305-2005-6-1675634.html

http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21322076.html?qid=21322076

http://www.experts-exchange.com/Networking/Microsoft_Network/Q_20923395.html?query=The+secure+channel+%28SC%29+reset+on+domain+controller+&clearTAFilter=true

http://www.pcreview.co.uk/forums/thread-1434547.php
0
 
rafordhargroveAuthor Commented:
Hi rpartington,

I have the correct password, and am fairly sure the DNS settings are right.  I am able to ping by name across domains...they are on the same subnet as of right now.

I don't think it's multihomed...it only has one NIC enabled.
0
 
rpartingtonCommented:
Have you double checked the links I put above for your situation?
0
 
rafordhargroveAuthor Commented:
I checked out all of those links...still no luck.

When I first promoted the current DC on domain a it went fine until I tried to demote the server that was acting as DC...when I demoted that server it locked up on the netlogon process and the demotion failed.  I ran dcpromo again and it went fine, but it skipped the netlogon step, I believe.

I am starting to think this has something to do with the problem...it's not a networking or DNS issue, and it's not a NetBIOS issue, I don't think.

I don't know what it's trying to do, but this is the error I get when I try and create and verify the trust:

The verification of the incoming trust failed with the following error(s):
The trust password verification test was inconclusive.
A secure channel reset will be attempted.
The secure channel reset failed with error 1311: There are currently no logon servers available to service the logon request.

The outgoing trust has been verified. It is in place and active.
0
 
Jay_Jay70Commented:
Can you confirm the netlogon service is running on both DCs?
0
 
rpartingtonCommented:
0
 
rafordhargroveAuthor Commented:
Netlogon service is running on both servers.  I restarted the service on both machines...recreated the trust and still get the same error.
0
 
Jay_Jay70Commented:
Windows Firewall isn't running?
0
 
rafordhargroveAuthor Commented:
No Windows Firewall; the ICS/firewall service is disabled.
0
 
Jay_Jay70Commented:
Hmm hmm hmm...what's the source and number on the event logged in the logs?
0
 
rafordhargroveAuthor Commented:
Now when I try and validate the trust from the DC for domain a I get prompted to validate the incoming trust with username and password for domain b.  After entering the username and password I get "the trust is in place and active."

And on the DC for domain b I get "The Local Security Authority is unable to obtain an RPC connection to the domain controller for domain a.  Please check that the name can be resolved and that the server is available."
0
 
rafordhargroveAuthor Commented:
I got it to work on both of them now.

Simple problems in the DNS tab of the advanced TCP/IP properties.

So, anyone know how to get domain a's users mail-enabled now?  Domain b has the Exchange server.
0
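Added example, not part of the original thread: a batch script for the checks that expose a DNS client misconfiguration like the one reported in the post above. It assumes the domain names domainA.local and domainB.local from the errors quoted earlier and that `nltest` (Windows Server 2003 Support Tools) is installed.

```bat
@echo off
rem Added example. Run on each DC; domain names are taken from the
rem error messages quoted in the thread and should be adjusted.

echo === DNS servers and suffixes this machine is actually using ===
ipconfig /all | findstr /i /c:"DNS Servers" /c:"DNS Suffix"

for %%D in (domainA.local domainB.local) do (
    echo.
    echo === %%D ===

    rem 1. DC locator SRV record: Netlogon needs this to find a logon server.
    rem    Pinging a DC by name succeeds even when this lookup fails.
    nslookup -type=SRV _ldap._tcp.dc._msdcs.%%D 2>nul | findstr /i /c:"svr hostname" >nul
    if errorlevel 1 (
        echo [FAIL] no _ldap._tcp.dc._msdcs.%%D SRV record via the configured DNS servers
    ) else (
        echo [ OK ] DC locator SRV record resolves
    )

    rem 2. Ask the DC locator itself, which is what trust verification relies on.
    nltest /dsgetdc:%%D | findstr /i /c:"completed successfully" >nul
    if errorlevel 1 (
        echo [FAIL] DC locator cannot find a domain controller for %%D
    ) else (
        echo [ OK ] DC locator found a domain controller
    )
)
```

Once both checks pass on both DCs, the trust can be re-verified with `netdom trust domainA.local /domain:domainB.local /verify`.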
 
Jay_Jay70Commented:
0
 
rafordhargroveAuthor Commented:
Where on smebees site should I look?  I looked in the multiple domains page, but didn't really see what I'm trying to do.

Mail-enabling users in a trusted domain.
0
 
Jay_Jay70Commented:
If it's not in that site then you should ask a question in the Exchange area, as I don't know.
0
