Solved

Domain Trust between server 2003 and 2000 breakdown

Posted on 2006-07-01
4
2,826 Views
Last Modified: 2012-08-13
I performed the following steps:
 - Created a new installation of server 2003 (std)
 - Set it up as a domain controller with DNS, WINS etc.,
 - Created a two-way trust between it and an already existing w2k domain with domain-wide authentication (This was created from the w2k3 domain, if that's useful)

All appeared to be ok until after about 24 hrs the trust broke down, but only in one direction (w2k domain could not connect to w2k3). The other direction appears to be working fine.

The error from the w2k DC when I try to verify the trust is: Information from the primary domain controller for the domain w2k3.loc cannot be obtained because: The RPC server is unavailable. Make sure that the PDC is operating properly and then try again.

The error from the w2k3 DC when I try to validate the trust is: Windows cannot find a domain controller for the w2k.loc domain. Verify that a DC is available and then try again.

Any ideas?
0
Comment
Question by:windylad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Accepted Solution

by:
harleyjd earned 500 total points
ID: 17023740
damn, that sounds like what I went through on Thursday and Friday.

I have nice DNS replication set up between domains, but I could not get the trust to stay in-place once I had it established.

In the end I removed all netbios names from the lmhosts file at each end, and stopped the DC's from registering and using WINS. Once I did that I got the trust validated no problems.

So, make sure your DNS is completely replicated by either using secondaries at either end, or using forwarders (and the cool 2003 conditional forwarders!) then take out the WINS server from the DC's


0
 
LVL 8

Expert Comment

by:bilbus
ID: 17025130
sounds like a dns problem. What do you get when you ping
domainname.com
dc1.domainname.com
dc2.domainname.com

(dc.domainname.com replace with name of domain controlers and name of domain)

do this on both domains and see if you can ping all the names.

post here with your status
0
 

Author Comment

by:windylad
ID: 17030658
There was indeed a problem with the DNS setup. I did have forwarders configured, but there was a problem with the replication due to zone transfer enabling.
I have corrected the problem and re-created forwarders and trusts from scratch. All is good at the moment, but I'll leave it a day or so before closing this question and allocating points. Thanks for the help guys.
0
 

Author Comment

by:windylad
ID: 17050919
That looks like it was the problem. It has been up and running for a few days now with access in both directions. Many Thanks for the help guys.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question