Just before going to a party yesterday, I was playing with 2 VMs. Each Vm was a DC in its own forest/doman and I wanted to create a trust between the two. How difficult is that? Well, not that difficult, until you get the error... ;-(( default tests: nslookup, mappings, etc and everything OK There is a big difference here. With the DCPROMO thing I goes wrong after entering the credentials to dcpromo the DC With the TRUST thing I goes wrong as soon as you enter target domain The fun part is (quote from the DCPROMO story I wrote): <QUOTE> To test permissions and credentials I created a mapping (to the ADMIN$ share) from the stand alone server to the forest root DC and used username administrator and password CORP. result = OK To test permissions and credentials I started LDP on the stand alone server and connected to the forest root DC and used username administrator and password CORP. result = OK. I was able to anything in the directory. To test permissions and credentials and joined the stand alone server and made it a member server of the forest root domain using the username administrator and password CORP. result = OK. </QUOTE> Someone posted on my blog that this problem did not exist in pre-SP1 w2k3. So if someone can test that, please do so and post your findings here. Thanks! I'm sure the password thing will work. There is another solution and that is to connect to \\SERVER\IPC$ using the target credentials. What I have seen is that it sometimes worked and sometimes it did not. Remember, that in a multiple DC environment the DC might choose another DC then you did! Cheers, Jorge
________________________________ From: [EMAIL PROTECTED] on behalf of Tony Murray Sent: Sun 12/18/2005 3:58 AM To: [email protected] Subject: RE: [ActiveDir] FYI: Failing to create a trust Hi Jorge Weird that you should post this. I had exactly the same problem on Friday when trying to set up a cross forest trust using two vitual machines in VMWare ESX. I also performed the NetMon trace and saw the same SMB STATUS_LOGON_FAILURE error. I'll have to try the password thing when I get back to the office to see if that works in my environment. Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Sunday, 18 December 2005 2:06 p.m. To: [email protected] Subject: [ActiveDir] FYI: Failing to create a trust Hi, Remember the DCPROMO thing on Vmware I experienced a while ago? (http://blogs.dirteam.com/blogs/jorge/archive/2005/11/14/60.aspx) I found another similar issue, but this time it occured when creating a trust (external or forest) between two forests. The solution is still the same When interested you can read more at: http://blogs.dirteam.com/blogs/jorge/archive/2005/12/18/297.aspx Cheers, Jorge This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
