Active Directory Domains and Trusts cannot be validated
I cannot validate a trust between 2 servers suddenly. Please help! Thank you!
Configuration: External trusts, 2 ways, not transitive
Server A: Windows Server 2003, can ping Server B. When I validate with Server B, it displays an error: "The trust cannot be validated for the following reasons: The outgoing trust was successfully validated. The secure channel (SC) reset on domain controller \\xxx.serverb.com of domain serverb.com to domain servera.com failed with error: The RPC server is unavailable."
Server B: Windows Server 2000, can ping Server A. When I ran verify in Domains and Trusts, it displays an error: "Information from the primary domain controller for the domain servera.com cannot be obtained because: The RPC server is unavailable. Make sure that the PDC is operating properly and then try again."
June 7th, 2011 1:55am
Hello,
Sounds like it is a blocked ports problem.
Needed ports are mentioned here: http://support.microsoft.com/kb/179442
Use PortQry v2 to check that they are opened.
Also, make sure that DNS records can be solved correctly. In each domain, configure conditional forwarders on DNS servers that forward DNS traffic to DNS servers in the other domain.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified IT Professional: Enterprise Administrator
June 7th, 2011 2:45am
Thank you for your reply. I disabled the firewall already and ran the ping test between Server A and Server B. I found Server A outgoing trust was successfully validated but the incoming failed.
June 7th, 2011 3:57am
Use nslookup to check that all is okay with DNS resolution.
I suspect that you have missing DNS records.
June 7th, 2011 4:31am
I can validate the trust, but it is unstable.
First time - ok, second - fail, third - ok, fourth - fail ........
Have any idea??? Thanks!
June 8th, 2011 9:55pm
Hello,
please provide an unedited ipconfig /all from the DC/DNS servers.
How did you configure DNS on each site of the trust, please explain in detail?
Any firewall between the forests?
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 9th, 2011 2:43am
I found Event ID 4319 on the server.
"A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state."
I used nbtstat -n and got this result.
Local Area Connection 1:
Node IpAddress: [192.28.46.1] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
SERVER-FILE-1 <00> UNIQUE Registered
SERVER-AD <00> GROUP Registered
SERVER-AD <1C> GROUP Registered
SERVER-FILE-1 <20> UNIQUE Registered
SERVER-AD <1B> UNIQUE Registered
SERVER-AD <1E> GROUP Registered
SERVER-AD <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
Local Area Connection 2:
Node IpAddress: [192.28.46.2] Scope Id: []
NetBIOS Local Name Table
Name Type Status
---------------------------------------------
SERVER-FILE-1 <00> UNIQUE Registered
SERVER-AD <00> GROUP Registered
SERVER-AD <1C> GROUP Registered
SERVER-FILE-1 <20> UNIQUE Registered
SERVER-AD <1B> UNIQUE Registered
SERVER-AD <1E> GROUP Registered
My network card configuration 1
IP: 192.28.46.1
SM: 255.255.255.128
DG: 192.168.46.126
DNS:192.28.46.1
My network card configuration 2
IP: 192.28.46.2
SM: 255.255.255.128
DG: 192.168.46.126
DNS:192.28.46.1
Will this problem cause my trust to be unstable???
June 10th, 2011 5:35am
Hello,
I see that your DC is multihomed. This is not recommended as it causes DNS problems => AD problems.
More here: http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
Please disable the second NIC card or disable DNS registration on it. Why do you want to use two NIC cards?
June 10th, 2011 5:41am
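The multihomed condition diagnosed in the reply above can be checked from captured `nbtstat -n` output. This is an added example, not part of the original thread: it parses the per-adapter name tables and reports domain-controller names (`<1B>`, `<1C>`) registered on more than one adapter, plus any name in the Conflict state. The sample text is constructed, modelled on the output posted in the thread, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's nbtstat -n output; helper names are illustrative.
SAMPLE = """\
Local Area Connection 1:
Node IpAddress: [192.28.46.1] Scope Id: []
SERVER-FILE-1 <00> UNIQUE Registered
SERVER-AD <1C> GROUP Registered
SERVER-AD <1B> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
Local Area Connection 2:
Node IpAddress: [192.28.46.2] Scope Id: []
SERVER-FILE-1 <00> UNIQUE Registered
SERVER-AD <1C> GROUP Registered
SERVER-AD <1B> UNIQUE Conflict
"""

NODE = re.compile(r"Node IpAddress:\s*\[([\d.]+)\]")
ENTRY = re.compile(r"^\s*(.+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")
DC_SUFFIXES = {"1B": "domain master browser (PDC)", "1C": "domain controllers"}

def parse_nbtstat(text):
    """Return {adapter_ip: [(name, suffix, type, status), ...]}."""
    tables, current = defaultdict(list), None
    for line in text.splitlines():
        node = NODE.search(line)
        if node:
            current = node.group(1)      # start of a new adapter's table
            continue
        entry = ENTRY.match(line)
        if entry and current:
            name, suffix, kind, status = entry.groups()
            tables[current].append((name, suffix.upper(), kind, status))
    return dict(tables)

def multihomed_dc_findings(tables):
    """List DC-role names registered on several adapters, and names in Conflict."""
    seen, findings = defaultdict(set), []
    for ip, entries in tables.items():
        for name, suffix, _kind, status in entries:
            if suffix in DC_SUFFIXES:
                seen[(name, suffix)].add(ip)
            if status.lower() == "conflict":
                findings.append(f"{name}<{suffix}> in Conflict on {ip}")
    for (name, suffix), ips in sorted(seen.items()):
        if len(ips) > 1:
            findings.append(f"{name}<{suffix}> ({DC_SUFFIXES[suffix]}) on {', '.join(sorted(ips))}")
    return findings
```

An empty result from `multihomed_dc_findings(parse_nbtstat(text))` means the DC names are registered on a single adapter and none is in conflict.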
Finally, I disabled network card 2, removed the domains and trusts, restarted Server A and B, and added new domains and trusts between Server A and B.
Problem solved....
June 17th, 2011 2:34am