Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS

Hi All,

  We are having intermittence disconnection to forest trust and when i run the following command found this

nltest /sc_verify:external.com

Flags: 80
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully

We have 5 DC's and  only one cause this issue.

As

January 22nd, 2015 4:34am

Can you pls check below ports are opened or not from both the end.

<Service Name="Domains and Trusts">
    <Port Name="RPC" Value="135" Protocol="TCP"/>
    <Port Name="LDAP" Value="389" Protocol="BOTH"/>
    <Port Name="LDAP SSL" Value="636" Protocol="TCP"/>
    <Port Name="LDAP GC" Value="3268" Protocol="TCP"/>
    <Port Name="LDAP GC SSL" Value="3269" Protocol="TCP"/>
    <Port Name="DNS" Value="53" Protocol="BOTH"/>
    <Port Name="Kerberos" Value="88" Protocol="BOTH"/>
    <Port Name="SMB" Value="445" Protocol="TCP"/>
    <Port Name="NetBIOS Name" Value="137" Protocol="UDP"/>
    <Port Name="NetBIOS NetLogon Browsing" Value="138" Protocol="UDP"/>
    <Port Name="NetBIOS Session" Value="139" Protocol="TCP"/>
    <Port Name="WINS Replication" Value="42" Protocol="TCP"/>

Use port Query.

https://www.microsoft.com/en-in/download/details.aspx?id=24009

Free Windows Admin Tool Kit Click here and download it now
January 22nd, 2015 8:55am

That should be either a DNS resolution problem or ports required for the trust are blocked or filtered.

For DNS resolution, make sure that you have conditional forwarders or secondary DNS zones that allow each domain within your forests to resolve the other domain(s) in the other forest. You use NSlookup for troubleshooting: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx

As for the required ports, you can find them here: https://support.microsoft.com/kb/179442?wa=wsignin1.0

You can use PortQryUI for checking.

January 22nd, 2015 10:35am

Found this from my PDC ?

=============================================

 Starting portqry.exe -n  server.domain.com -e 135 -p TCP ...


Querying target system called:

 server.domain.com

Attempting to resolve name to IP address...

Name resolved to 10.12.4.6

querying...

TCP port 135 (epmap service): FILTERED
portqry.exe -n  server.domain.com -e 135 -p TCP exits with return code 0x00000002.
=============================================

Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2015 1:45am

Found this from my PDC ?

=============================================

 Starting portqry.exe -n  server.domain.com -e 135 -p TCP ...


Querying target system called:

 server.domain.com

Attempting to resolve name to IP address...

Name resolved to 10.12.4.6

querying...

TCP port 135 (epmap service): FILTERED
portqry.exe -n  server.domain.com -e 135 -p TCP exits with return code 0x00000002.
=============================================

You would need to identify the cause of the filtering. You might want to try to temporary disable security software running on the server for testing.
February 3rd, 2015 4:21am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics