RE: [ActiveDir] Trust issue

Wed, 12 Oct 2005 14:43:17 -0700 

Take a trace. I suspect you have downlevel name resolution to deal with. 

 

Thanks,
Brian Desmond

 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

 

c - 312.731.3132

 

 

  _____  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, October 12, 2005 4:49 PM
To: [email protected]
Subject: RE: [ActiveDir] Trust issue

 

I'm doing a win2k-win2k3 trust.

Logically and from what i've read from MS, I assume i only need the proper
dns set up.

Its my understanding that for trusts bet
win2k-win2k,win2k-win2k3,win2k3-win2k3, you don't need wins or netbios or
lmhosts.

 

of course when it comes to netbios, no one seems to have a definitive
answer, including MS.

Then some people say there is a disntinction between flat names like
"mydomain"(that you see in the drop down list in the GINA) and netbios
names.

but i never could understand that very specific distinction.

 

of course, i'm no expert and people whom i respect on this list seem to have
conflicting views on netbios and what it is(a api,a protocol,a network
driver?) and its place in modern win2k/2k3 networks, specifically as applies
to trusts.

 

but what this comes down to really, is i should get off my butt and run
ethereal on my test forests and see what i can see :)

 

 

thanks

 

P.S-  in the org i work for, we have netbios/tcp disabled in both forests
and no WINS(whatever that implies...)

 

-----Original Message----- 
From: [EMAIL PROTECTED] on behalf of Brian Desmond 
Sent: Wed 10/12/2005 4:33 PM 
To: [email protected] 
Cc: 
Subject: RE: [ActiveDir] Trust issue

Unless you're doing a 2k3 - 2k3 trust, you better plan on downlevel name
resolution. Personally, I rely on it for any trust. I have somewhere between
350 and 400 that I manage, and WINS is the only reliable thing I have out to
all my remote sites. 

 

Thanks,
Brian Desmond

 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

 

c - 312.731.3132

 

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, October 12, 2005 2:41 PM
To: [email protected]
Subject: RE: [ActiveDir] Trust issue

 

Nope.

 

also as an aside,what is pretty amusing(in a frustrating way) is MS was the
one that told me about the lmhost entries.

i remeber bringing this up on the list awhile ago and we all went back and
forth about wheter  netbios is involved in a external trust between win2k
and win2k3 and if it could be entirley done via dns.

 

i know MS was just grasping at straws to try to help me out but its just
amusing that no one can say without doubt or confusion wheter you need
netbios or not in this senario inculding the guys that sell the product.

 

only in the software industry, i guess...

 

 

-----Original Message----- 
From: [EMAIL PROTECTED] on behalf of Brian Desmond 
Sent: Wed 10/12/2005 2:24 PM 
To: [email protected] 
Cc: 
Subject: RE: [ActiveDir] Trust issue

DCOM range locked down on one end but not the other? 

 

Thanks,
Brian Desmond

 <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]

 

c - 312.731.3132

 

 


  _____  


From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, October 12, 2005 1:50 PM
To: [email protected]
Subject: RE: [ActiveDir] Trust issue

 

nope.

 

-----Original Message----- 
From: Brian Desmond [mailto:[EMAIL PROTECTED] 
Sent: Wed 10/12/2005 1:46 PM 
To: [email protected] 
Cc: 
Subject: RE: [ActiveDir] Trust issue

Is there a firewall between the two places? PDC emulators in particular? 

Thanks, 
Brian Desmond 
[EMAIL PROTECTED] 
  
c - 312.731.3132 
  
  

-----Original Message----- 
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom 
Sent: Wednesday, October 12, 2005 1:35 PM 
To: [email protected] 
Subject: [ActiveDir] Trust issue 

I have an external 2 way trust between a child domain in a win2k3 forest 
(win2k3 FFL) and a child domain in a win2k native mode forest. 
  
I set up the trust thru netdom or the Domains and Trusts mmc and after a few

minutes it fails coming from the win2k side. 
the win2k domain/dc stops trusting the win2k3 domain/dc but the win2k3 trust

stays up. 
  
i have dns set up for forwarding on both sides for the respective 
domains/dns servers. 
i also have lmhosts entries on both dc's in the trust. 
  
nothing is logged in the event logs are either dc. 
  
is there anything else i should be looking at? 
thanks alot 
.+w?B+v*rz     Vryi?? 

List info   : http://www.activedir.org/List.aspx 
List FAQ    : http://www.activedir.org/ListFAQ.aspx 
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

<<attachment: winmail.dat>>

Reply via email to