I have DomainA and DomainB on the same Network. DomainA consist of two
Domain Controllers (#1 & #2), and DomainB Costist of one Domain Controller,
and we'll call it DC #3.
On DomainA: DC #1 is running AD on Windows 2000 Server, and DC #2 is also
Running AD but Windows 2003 Server.
DC #2 came on as a Replica to DC #1, and is now the Master Role holder for
DomainA.
DC #3 is running AD for DomainB and is on Windows 2000 Server.
At one point, about a year ago, trust relationships were succesfully created
between DomainA and DomainB.
I now can no longer Verify the Trust relationships because from whichever
domain or DC I try to verify them, I get an error saying that "The RPC
Server is unavailable" on the oposite DC.
I do however have sort of a 1/2 working trust between the domains, meaning
Computers on DomainA can get to shared objects on DomainB, and Viceversa,
except that Users on DomainB can only get to Shared objects on DC #1, but
can't access Shares on DC #2 even though they are both DC for DomainA.
Another observation that may help... DC #1 and DC #2 share AD items, such as
Users and Computers and such. Let's say I want to add a User from DomainB to
a Shared Folder on DomainA\DC #1, I can successfully ad the user cross
domain, and everything works OK. On the other hand, if I try the adding the
same user permissions from DomainB to a share located on DC #2, I can't even
browse DomainB through the "Look in" to find the user in DomainB.
Also, let's say I have succesfully created a shared Folder on DC #1
(DomainA), and added Security Permissions to a users from DomainB. If now I
check the properties of that folder from DC #2 (DomainA), the user from
DomainB will show up as a SID number.
I hope I didn't ramble-on too much on this. I'm trying to explain the
situation as best as I can.
Please help.
Thanks,
Sam
Please help...
Thanks again,
Sam
"Sam Manzella" <SJMan...@HAWAinc.com> wrote in message
news:uVdC$AlnDH...@tk2msftngp13.phx.gbl...
>.
>
I'm using the DomMon (Domain Monitor utility) to check things out, and it
appears that DC #1 on DomanA and DC #3 on DomainB verify their trusts fine
"Success", but DC #2 on DomainA fails, and returns an "Error" message under
"Link to Trusted Domain", and on the bottom window it shows "NoLog"Svr"
under "Secure Channel Status"
I hope this makes sense to someone.
Thanks,
Sam
"AUSPS" <anon...@discussions.microsoft.com> wrote in message
news:0b9201c39e64$8ea19c20$a001...@phx.gbl...
That should provide more detailed information on the problem.
Later, you will want to run nltest /dbflag:0x00000000 or else the
netlogon.log file can grow quite large.
--
Michael Snyder
Active Directory Admin Tool Test
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sam Manzella" <SJMan...@HAWAinc.com> wrote in message
news:eHpP1mmn...@TK2MSFTNGP09.phx.gbl...
Thank you for your assistance. However, I'm running into a problem while
trying to run the nltest utility. When I try to execute the commands as you
suggested through the command line, I get the following error:
nltest.exe - Entry Point Not Found
X - The Procedure Entry Point NetEnumerateTrustedDomainEx could not be
located in the dynamic link library NETAP132.DLL
Please help...
Thank you,
Sam
"Michael Snyder [MSFT]" <mic...@online.microsoft.com> wrote in message
news:uUhd4Snn...@TK2MSFTNGP12.phx.gbl...
--
Michael Snyder
Active Directory Admin Tool Test
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sam Manzella" <sjman...@hawainc.com> wrote in message
news:%23QqNW2x...@tk2msftngp13.phx.gbl...
I didn't realize that the new nltest.exe is included in the Windows 2003. I
was using one from the Windows 2000 Resource Kit, and I was searching for
the 2003 Resource kit which I don't believe is out yet.
Anyway, I was able to generate a Netlogon.log file, but I'm not really sure
how to interpret some of the "Critical" lines. Can I send this file to you
for inspection, and hopefully point me in right direction?
Also, when I tried to run the "nltest /sc_query:domainname\DCname" I
recieved the following error:
I_netlogonControl Failed Status=1355 0x54f ERROR_NO_LOGON_SERVERS
I found some information on Microsoft's website, suggesting to use the FQDN
instead of breaking the syntax up in Domainname\DCname, but it still didn't
work.
I also tried running the following switch just to try:
nltest /dcname:domainname
and I got this error:
NetGetDCName Failed: Status=2453 0x995 NERR_DCNotFound
I'm really lost here.
Thanks again for your help.
Sam
"Michael Snyder [MSFT]" <mic...@online.microsoft.com> wrote in message
news:uHLD0h9n...@tk2msftngp13.phx.gbl...
If you still want to send the logs, just remove the online from my email
address and I can take a look.
--
Michael Snyder
Active Directory Admin Tool Test
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sam Manzella" <sjman...@hawainc.com> wrote in message
news:uVFIznio...@TK2MSFTNGP12.phx.gbl...
I just sent you an email with an nltest and some dcdiag results. Please let
me know if you don't receive the email.
Thanks again for your help.
Sam
"Michael Snyder [MSFT]" <mic...@online.microsoft.com> wrote in message
news:OJ5Ytyjo...@tk2msftngp13.phx.gbl...
At the moment, it appears that DNS issues are causing the problems verifying
the trusts in these forests.
--
Michael Snyder
Active Directory Admin Tool Test
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sam Manzella" <sjman...@hawainc.com> wrote in message
news:eHUUyMlo...@TK2MSFTNGP09.phx.gbl...
Michael gave lots of tips on how to go about fixing the problem. From the
DCdiag tests he had me run, he determined that it was a problem with my DNS
configurations. I changed things around, and my DCDiag test came back
looking better, but the problem still exist. I sort of gave up for a while.
I'm going to focus on it again after the Holidays. I'm currently getting
trust between my older windows 2000 Servers, so I have my cross-domain
shared folders there, but I want to move things to the new 2003 server once
I get it figured out.
Sam
"Brian Brezina" <brian_...@ncsu.edu> wrote in message
news:8A8A58E2-6236-4C9F...@microsoft.com...