| Author | Messages | |
AD000001289
Posts:0
 | | 03/04/2006 8:06 AM |
| Yea, all of the dc is SP1 installed long time back. There is few other NT4 trust in win2k3 domain, by not taking the risk, so we decided not to re-apply again. Further, we've only a single domain, no child; policy settings are identical among them.
Thanks for the info. However, the nt4 domain owner decided to upgrade the box to win2k.
Best Regards,
Raynus Ky CHOO
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
Hotline: 215-8485 (24x5)
Telnet: 215-7290
E-mail: raynus-ky_choo@xxxxxxxxxxxxxxx
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Mark Parris
Sent: Saturday, March 04, 2006 4:49 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] external trust between NT4 domain and windows 200 3 fails
Is the w2k3 forest SP1?
If so then the security settings in the default DC policy may have to be
altered. I had this issue which caused be to role back SP1 upgrades until I
could resolve the trust issues between SP1 and NT4.0 the settings that had
to change were not the ones detailed in the trouble shooting trusts that
Microsoft has published. How do I know this? - I applied them and they did
nothing. To resolve the issue I had a root domain with two child domains the
trust worked with one SP1 child domain and not the other - they both had
different Default Domain Controller Group Policy Settings- so I exported the
working one to the failing domain and voila - the trusts worked. I then had
to do some more clean up work afterwards as the security objects from the
NT4.0 domain only would then appear as SIDS an not their nice NT 4.0 name,
sorry I cannot help anymore but there is now 20 miles between me and my
office so I can't detail anymore info.
Oh and the other common gothca - if you are an international company make
sure the keyboards in each domain are the same language.
HTH
Mark
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Olivarez, Sergio J
Mr ANOSC/FCBS
Sent: 03 March 2006 20:27
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] external trust between NT4 domain and windows 200 3
fails
It's been a while, but I created a bunch of these a while back. First off,
remove the trusts from both sides. Then reboot both the NT PDC and the 2003
PDCE. When they come back up try to establish the trust again. If it still
fails then look at the tips below.
Make sure that the "RestrictAnonymous" is set to "0" on both the NT PDC and
the 2003 PDCE. Key should be located under the following path, create it if
its not there:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
Also, make sure that the LMCompatabilitylevel key is set to a level that
will work on both the PDC/PDCE, i.e. NT PDC = 4 and 2003 PDCE = 5. Key is
also located under the same path.
Thanks... ... ... ...
Sergio J. Olivarez - Contractor
GD-NS
-----Original Message-----
From: Tony Murray [mailto:tony@xxxxxxxxxxxxx]
Sent: Friday, March 03, 2006 12:40 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] external trust between NT4 domain and windows 2003
fails
You might get more information if you run a network trace (e.g. using
NetMon).
Tony
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
raynus-ky_choo@xxxxxxxxxxxxxxx
Sent: Saturday, 4 March 2006 8:21 a.m.
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] external trust between NT4 domain and windows 2003
fails
Hi,
Need help desperately to setup trust between NT4 and win2k3. I've error
'domain controller not found'.
I'm pretty sure the name resolution for each other is fine (by lhmost), the
trust was working before, however after it's broke, I can't re-establish
again.
Seen someone has the same error,
http://www.experts-exchange.com/Operating_Systems/WinNT/Q_21631912.html, has
tried the MSKB Article 325874 troubleshooting, but couldn't help much.
Best Regards,
Raynus Ky CHOO
Windows Administrator (ADSM/NT Security) Spherion Technology Group,
Singapore For Agilent Technologies
Hotline: 215-8485 (24x5)
Telnet: 215-7290
E-mail: raynus-ky_choo@xxxxxxxxxxxxxxx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|