I only get a security log entry on the server when I am prompted for creds to the trusted domain. That generates a 552 event. The server that works properly does not prompt for creds.
I don't see any unusual events on the domain controllers. However... When I try to validate the trust I get "The Local Security Authority is unable to obtain an RPC connection to the domain controller xxxxxxxx. Please check that the name can be resolved and that the server is available." The domain controller is responding to ping, mapping a drive, and nbtstat as the PDC for the domain.

I deleted the trust and recreated based on the doc below and validation worked for a short period of time but I was still unable to properly see the group from the trusted domain. I'm looking into whether someone was playing with GPO but nothing really appears to be out of the ordinary.

There are other servers experiencing this problem as well but I also have servers that are not, in this same domain. However, someone notified me that one of the servers that had the problem this morning is fine now but another that was fine before is not now. Go figure.

We've burned too many hours on this so I'm going to burn a ticket with Microsoft tomorrow. Want this problem to go AWAY!

Thanks,
Mike

> Event log entries?
>
> Have you made any modifications to the Windows 2003 hosts to allow the trust
> (such as changing the restrictanonymous setting) or anything like that?
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;325874 might be of
> interest as well.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, October 27, 2004 3:01 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Odd trust behavior
>
> We've begun adding our first servers, all 2003, into our first AD domain
> (running in 2003 mode). This domain has a two-way trust with one of our
> NT4.0 domains. We need to add a global group from the NT4.0 domain into the
> Administrators group on the server. We're able to do this. However, when
> we go back into the Administrators group all we get is the SID and a
> question mark. This also results in the members of that group being unable
> to access the server. We can remove the group and readd the group but it
> still converts to just the SID and the question mark. We've also removed
> one of the servers with this problem from the domain, readded, and readded
> the group to Administrators, but no luck.
>
> I believe that there's something simple and obvious that we're missing.
> WINS checks out fine. We're able to map drives manually to each other from
> both the PDC of the trusted domain and from the server in question.
>
> Any ideas?
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
