Once again, Diane makes a good point. I fought this same issue with one of our subsidiaries about 2 mos. ago. We DID have a name resolution problem, but we also had a cart before the horse problem. Seems that I had pre-created trusts before the admin on the NT 4.0 side had created his. This caused all kinds of havoc. Ended up that we deleted trusts all the way around, waited about 10 - 15 mins, he created his end for the trusting, I created mine for the trusted. I created mine for the trusting, he created his for the trusted. Him - NT 4.0 side, me Windows 2000 side. Now, when prompted during the verification for credentials to verify the trust - cancel out. These are the notes that I found after being pinged by Diane's post. Hope this helps! Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server]
"Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 07, 2002 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trusts between AD and NT4 - HELP!! I was working on our Exchange upgrade and had to convert a one way trust relationship to a two way trust relationship. I worked for several hours to get the second one way trust in place. I focused on name resolution as the issue as the error message I got was "The specified domain either does not exist or could not be contacted". I also tried the lmhosts solution that Rick suggested. Despite the error message, it was not a name resolution issue. In my case, was due to the fact that the trust was in place before our Active Directory upgrade. See http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q306101. Gotta love those MS error messages. Always so concise... :-) You mentioned that you deleted the trust and recreated it. Maybe you need the AD side to replicate the deletion before you recreate it. See the below links for other possible solutions: http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q306733 http://support.microsoft.com/default.aspx?scid=kb;en-us;Q180094 http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q255551 http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q317178 http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q295335 Diane -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Kingslan Sent: Sunday, July 07, 2002 10:45 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trusts between AD and NT4 - HELP!! The close to last thing that I can think of doing is to create a HOSTS file and an LMHOSTS file on both machines. The LMHOSTS file should have: xx.xx.xx.xx PDC machine name #PRE #DOM:Domain-name xx.xx.xx.xx "Domain-name \0x1b" #PRE Note that the second string MUST BE EXACTLY 20 characters in length, including the \0x1b, and muct be in double quotes. Take a look at this Q for more: http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q245172 Good luck! Rick Kingslan - Microsoft Certified Trainer MCSE+I on Windows NT 4.0 MCSE on Windows 2000 MVP [Windows NT/2000 Server] "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Sobey Sent: Sunday, July 07, 2002 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trusts between AD and NT4 - HELP!! Hi Rick, I'm trying every combination of nltest and netdom I can think of. WINS entries are good - the domain controllers didn't change IP address, they just got properly rack mounted then switched back on! It's almost like there's a GP somewhere that is preventing the trusts going up, but I can't find it. I've disabled everything that looks remotely suspect (ie force NTLMv2 authentication, disabled anonymous connections etc.) If I delete the trust on both sides and try re-adding, the error on the NT4 side is 'Could not find a domain controller for this domain'. nltest correctly reports the name of the dcs, and they can be pinged. Anyone else seen this before? It has me completely confounded, and I am in big trouble if it doesn't work tomorrow.... Paul "Rick Kingslan" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 06/07/2002 14:01 Please respond to ActiveDir To: <[EMAIL PROTECTED]> cc: Subject: RE: [ActiveDir] Trusts between AD and NT4 - HELP!! Paul, Diane has a potential good cath on the 1B records (make sure that you have the whole of the NetBIOS records for ht machines - 1B, 1C, 1D, 1E, 00, 20, 03, etc.). You might attempt a password resynch with Netdom as I've seen secure channel password failures many times. If all else fails, break down the trusts and try again. Sometimes, there just is no rhyme or reason to trust failures. Good luck! Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Sobey > Sent: Saturday, July 06, 2002 2:52 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Trusts between AD and NT4 - HELP!! > > > Hi Guys, > > For migration purposes I have established a one way trust > between my legacy domain (trusting) and my new AD (trusted). > Yesterday, both DCs got powered off one at a time, and moved > to new homes in the comms room. After they were powered back > up, the trust had failed. All attempts to re-establish it > using the GUI tools fail - the NT4 User Management refuses to > add the trust with 'Cannot Find a Domain Controller for this > domain'. When I use netdom, from either the trusted or > trusting DCs, it reports that the command has completed > successfully, the correct entries appear in the > trusted/trusting domains lists for the domains, but > verification fails, as does secure channel reset with 'ACCESS DENIED'. > > Both sets of DCs point at the same domain, and the WINS 1c > records on both sides are correct. They can ping each other > by hostname. > > Does anyone have any idea how to fix this? I am at my wits > end, and users are due in Monday who will not be abke to work > if the trust isn't in place! > > Thanks for any help you can offer. > > Paul > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<attachment: winmail.dat>>
