Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: [ActiveDir] (OT) Trust Issues
Prev Next
You are not authorized to post a reply.

AuthorMessages
mark.parris@xxxx.yyy

09/26/2005 5:33 AM  
Scenario

I have a forest that is a root place holder and two child domains.
Domain.Com; Child1.Domain.com; Child2.Domain.com.

The forest is in Windows Server 2003 Forest mode.

Domain.com is all Windows Server 2003 SP1
Child1.domain.com is all Windows Server 2003 SP1
Child2.domain.com is all Windows Server 2003 SP1 bar one DC.

Child1 and Child2 both have trusts to a Windows NT4.0 sp 6.0a domain.

The Problem

When I upgrade the last DC to W2K3 Service Pack 1 in Child2.Domain.com it
breaks the trust to the NT4.0 environment and I am at a loss as to why.

Child1.domain.com continues to function correctly and the trust does not
break.

All domains in the forest run the same security principles and nothing
appears in the event logs.

Removal of SP1 reverses the issue and all trusts are restored - without the
need to recreate them.

The only error message I get is when I go to validate the trust:

Verification of the trust between the domain xyz and the domain 123 was
unsuccessful because: Access is Denied.

All accounts used are Domain Admins.

Any suggestions?

The issue is not currently critical as I have removed the Service Pack, but
I will need to reapply the Service Pack soon,

Mark

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
walls@xxxx.yyy

09/26/2005 2:12 AM  
Normally, I would look at the restrict anonymous configuration if experiencing communication issues between NT 4.0 systems and >= 2000 systems. A setting of 2 seems to break legacy communication.

Thanks,
Dave Waller
Booz Allen Hamilton

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Mark Parris
Sent: Monday, September 26, 2005 1:31 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] (OT) Trust Issues

Scenario

I have a forest that is a root place holder and two child domains.
Domain.Com; Child1.Domain.com; Child2.Domain.com.

The forest is in Windows Server 2003 Forest mode.

Domain.com is all Windows Server 2003 SP1
Child1.domain.com is all Windows Server 2003 SP1
Child2.domain.com is all Windows Server 2003 SP1 bar one DC.

Child1 and Child2 both have trusts to a Windows NT4.0 sp 6.0a domain.

The Problem

When I upgrade the last DC to W2K3 Service Pack 1 in Child2.Domain.com it
breaks the trust to the NT4.0 environment and I am at a loss as to why.

Child1.domain.com continues to function correctly and the trust does not
break.

All domains in the forest run the same security principles and nothing
appears in the event logs.

Removal of SP1 reverses the issue and all trusts are restored - without the
need to recreate them.

The only error message I get is when I go to validate the trust:

Verification of the trust between the domain xyz and the domain 123 was
unsuccessful because: Access is Denied.

All accounts used are Domain Admins.

Any suggestions?

The issue is not currently critical as I have removed the Service Pack, but
I will need to reapply the Service Pack soon,

Mark

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] (OT) Trust Issues



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:44
MembersMembers:0
TotalTotal:44
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use