Hi Rick,
I'm trying every combination of nltest and netdom I can think of.
WINS entries are good - the domain controllers didn't change IP address, they just got properly rack mounted then switched back on! It's almost like there's a GP somewhere that is preventing the trusts going up, but I can't find it. I've disabled everything that looks remotely suspect (ie force NTLMv2 authentication, disabled anonymous connections etc.)
If I delete the trust on both sides and try re-adding, the error on the NT4 side is 'Could not find a domain controller for this domain'. nltest correctly reports the name of the dcs, and they can be pinged.
Anyone else seen this before? It has me completely confounded, and I am in big trouble if it doesn't work tomorrow....
Paul
| "Rick Kingslan" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 06/07/2002 14:01
|
To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] Trusts between AD and NT4 - HELP!! |
Paul,
Diane has a potential good cath on the 1B records (make sure that you
have the whole of the NetBIOS records for ht machines - 1B, 1C, 1D, 1E,
00, 20, 03, etc.).
You might attempt a password resynch with Netdom as I've seen secure
channel password failures many times.
If all else fails, break down the trusts and try again. Sometimes,
there just is no rhyme or reason to trust failures.
Good luck!
Rick Kingslan - Microsoft MVP [Windows NT/2000]
Microsoft Certified Trainer
MCSA, MCSE+I - Windows NT / 2000
"Any sufficiently advanced technology
is indistinguishable from magic."
--- Arthur C. Clarke
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Sobey
> Sent: Saturday, July 06, 2002 2:52 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Trusts between AD and NT4 - HELP!!
>
>
> Hi Guys,
>
> For migration purposes I have established a one way trust
> between my legacy domain (trusting) and my new AD (trusted).
> Yesterday, both DCs got powered off one at a time, and moved
> to new homes in the comms room. After they were powered back
> up, the trust had failed. All attempts to re-establish it
> using the GUI tools fail - the NT4 User Management refuses to
> add the trust with 'Cannot Find a Domain Controller for this
> domain'. When I use netdom, from either the trusted or
> trusting DCs, it reports that the command has completed
> successfully, the correct entries appear in the
> trusted/trusting domains lists for the domains, but
> verification fails, as does secure channel reset with 'ACCESS DENIED'.
>
> Both sets of DCs point at the same domain, and the WINS 1c
> records on both sides are correct. They can ping each other
> by hostname.
>
> Does anyone have any idea how to fix this? I am at my wits
> end, and users are due in Monday who will not be abke to work
> if the trust isn't in place!
>
> Thanks for any help you can offer.
>
> Paul
>
>
> List info : http://www.activedir.org/mail_list.htm
> List FAQ : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%> 40mail.activedir.org/
>
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
