Domain trust try to validate with wrong Domain Controller (Network Steve Forum)

Domain trust try to validate with wrong Domain Controller

Hi everyone,

I wanted to know if some of you already met that particular issue:

- A trust being validated to a DC that does not own FSMO (nor PDC role) make my trust inconsistent or corrupted.

In my case my source domain have a conditional forwarder set on the Domain Controller Box same for the target Domain.

I have many DCs and AD sites configured in my target domain, on the underlying network architecture there is a big MPLS Verizon (issue could be produced by bad network path ?)

I checked following on both domains :

- Name resolution : SRV/A = OK

- Clean Site topology references : (both domains sides DNS and AD Site & Services) = OK

- AD Subnet overlapping : Everything is clean no overlapping

- Other AD Tools : Nltest /dclist

I'm currently scrolling through Event viewer on both domains in order to find something about trust valid

April 27th, 2015 5:59am

Don't you have any error message?

Free Windows Admin Tool Kit Click here and download it now

April 27th, 2015 8:10am

The error message is "No RPC Server unavailable" with the targeted wrong DC hostname from the target domain.

Actually we have shutdown the wrong DC in the target domain.

But I would know what/why a DC is targeted as Trust validator without the PDCe role.

As I can understand the Trust validation process; the PDCe is involved for Trust Password set/renewal purposes.

And the targeted DC does not own FSMOs.

- Required AD Ports are opened with the good AD Site where FSMOs are deployed.

April 27th, 2015 12:03pm

The PDC is used to change the password for the TDO. For the RPC issue try with portqry and see wh

Free Windows Admin Tool Kit Click here and download it now

April 27th, 2015 12:17pm

Hi,

In addition to others, please refer to the wiki article to troubleshoot Windows Server Troubleshooting: "The RPC server is unavailable"

http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx

Please feel free to let us know if you have any updates about the issue.

Regards.

April 27th, 2015 9:32pm

thanks to all for your answers.

does anybody have ideas about which component make decision to contact the last promoted DC site accross trusts? Cause my source Domain is in korea and my target site is based in France... So I don't think that DC locator choose that site as the next hop... It tell rpc server unavailable cause we wont Korean DCs talk with France DCs and there is a dedicated Site in my target domain for Korea toi.

Free Windows Admin Tool Kit Click here and download it now

April 28th, 2015 3:23am

This topic is archived. No further replies will be accepted.