Solved

The local security authority is unable to obtain an RPC

Posted on 2007-03-26
1
5,026 Views
Last Modified: 2013-12-19
We are in the middle of a single forest migration, where we are consolidating 4 forests to 1. My issue is with one of the forests... It struggles to create trusts with the new forest and child domains.

The troublesome forest we can call Forest T, and the domain/forest we're trying to two way trust with A.

Both DC's in question are Windows 2003 Std Server SP2, the DC of Forest A is a R2 edition box.

Regardless of which direction i attempt to build the two trust in, I get an error stating:

"The local security authority is unable to obtain an RPC
connection to the Domain controller <REMOTE DC>."

For the record, none of the DC's in question are VM's. The VPN between the two sites is wide open, and furthermore i tested to see if I can telnet from either side on 445 135 389 and 88... and i can.

Whats the problem? Whats causing the RPC connection to fail? Any advice, comments, or ideas would be very welcome at this point.

Frustrated in Texas.

D
0
Comment
Question by:TGS-IS
1 Comment
 
LVL 28

Accepted Solution

by:
Michael Pfister earned 250 total points
ID: 18815051
Download PortQueryUI from

http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe

and let it run on one side and point it to server on the other side and vice versa. It tests more than a telnet can do.

If this doesn't show where the problem lies, you have to further troubleshoot it by installing a network sniffin tool on both ends, i.e. Wireshark (http://www.wireshark.org/) and check if the entire traffic is passing your VPN/routers.

0

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now