Thanks Joe...I think we figured it out....the domain controller having issues has lost it's route to domain b....I think we can get this fixed if we can get the citrix server to log on to another DC.
Thanks!
Teo
On 5/5/06, joe <[EMAIL PROTECTED]> wrote:
That is name resolution failure, DomainB DC issues, or network issues...You can try thisnltest /sc_reset:domainb\dcnameIf it works, it means that you probably have name res issues.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Teo De Las HerasSent: Friday, May 05, 2006 10:31 AM
To: [email protected]
Subject: Re: [ActiveDir] LDAP Matched DN: (Null)
Joe,On some domain controllers we're getting the following:I:\>nltest /server:<domain naming master dc> /sc_query:domainb
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
So I think we are closer....Teo
On 5/5/06, joe <[EMAIL PROTECTED]> wrote:Yep, the first thing I would do is use nltest to verify the secure channel back to the Domain A DC from the member, then from the Domain A DC to Domain B. Don't just look at the results of nltest query, actually reset the channel as I have seen times where it says it is fine but can't reset.If the secure channel testing all pans out I would start looking at network traces as I expect you will find a network issue or firewall helping out somewhere.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Teo De Las HerasSent: Friday, May 05, 2006 9:31 AMSubject: Re: [ActiveDir] LDAP Matched DN: (Null)
Joe,Thanks for replying. The critrix server is a member of domain A and the user accounts were having problems resolving are members of domain B.
It's hard to explain what we're seeing. Our Citrix admin is trying grant user account access to a 'published application' since the SID doesn't resolve, he's getting errors. If we try and add those same users to the local admins group, the SID also fails to resolve.The trust does validate, but we havent done extensive tests with nltest. I'm going to go and try that now.Teo
On 5/4/06, joe <[EMAIL PROTECTED]> wrote:I am not a citrix (or even TS for that matter) person so you will have to bear with me. What do you mean you are trying to add user accounts? Is this a citrix thing? Add to what?Is the citrix server a DC or is it a member in a domain? If you try to add user accounts to local groups on the server does that work? Do the accounts resolve? If not, have you chases the trust channels with nltest to see if there is a break somewhere?
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Teo De Las Heras
Sent: Thursday, May 04, 2006 5:24 PM
To: [email protected]
Subject: [ActiveDir] LDAP Matched DN: (Null)
We have a citrix server that where we're trying to add user accounts to from a trusted Windows 2000 domain. When we add the user account, only the SID shows up. In addition, we get an error when trying to save the permissions change. A trace of the communication between the citrix server and the Windows 2000 domain controller shows the following:-LDAP Message -Matched DN: (null)Error Message: (null)Error: Couldn't parse LDAP Controls: Wrong type for that item-NTLMSSP--Lan Manager Response: 00 -NTLM Response: EmptyDomain name: NULLUser name: NullPSS has not been able to help with this nor has Citrix....
