NT trust to W2K Ad stopped working last Wednesday

Archived from groups: microsoft.public.windowsnt.domain (More info?)

My trust to two nt resource domains quit working last
week. Is there any body else that has the same problem?
I have been workink on this with MS and still no
resolution. Thanks in advance.
16 answers Last reply
More about trust stopped working wednesday
  1. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    It's actually pretty common but there a number of
    reasons the trusts quit working e.g., Cable, NIC,
    routing, name resolution, or something blocking the
    necessary netbios ports like a personal firewall ect.
    ect. Can you give us more details of what symptoms
    you are seeing and what you have tried unsuccessfully?


    "Randy" <aubuchon007@earthlink.net> wrote in message
    > My trust to two nt resource domains quit working last
    > week. Is there any body else that has the same problem?
    > I have been workink on this with MS and still no
    > resolution. Thanks in advance.
  2. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    With MS on the phone we broke the trust and recreated with
    netdom. Netdom would not complete successfully. I do get
    the W2k domain to trust the NT domain. When I try to map
    from the w2k AD domain I get The trust relationship
    between the Primary and the trusted domain failed. I get
    admin alert messages (on w2k) saying message from NETLOGON
    at"NT machine"

    Failed to authenticate with \\W2k DC, a windows NT domain
    Controller for W2k.

    I just reset the "RestricAnonymous" on w2k DC's to 0.

    Every thing is on the Lan on one net sharing the same Wins
    server.

    Everything pings out.




    >-----Original Message-----
    >It's actually pretty common but there a number of
    >reasons the trusts quit working e.g., Cable, NIC,
    >routing, name resolution, or something blocking the
    >necessary netbios ports like a personal firewall ect.
    >ect. Can you give us more details of what symptoms
    >you are seeing and what you have tried unsuccessfully?
    >
    >
    >"Randy" <aubuchon007@earthlink.net> wrote in message
    >> My trust to two nt resource domains quit working last
    >> week. Is there any body else that has the same problem?
    >> I have been workink on this with MS and still no
    >> resolution. Thanks in advance.
    >
    >
    >.
  3. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    What error did you receive while attempting to use netdom?
    Open a dos prompt immediately after unsuccessfully using
    netdom to complete the trusts and run nbtstat -c and verify
    the following netbios names are in the cache without conflict
    domain names 1b, 1c and at least computer names 00, 20, 03
    pertaining to the PDC/PDC emulator in the remote domain.

    "Randy" <aubuchon007@earthlink.net> wrote in message
    > With MS on the phone we broke the trust and recreated with
    > netdom. Netdom would not complete successfully. I do get
    > the W2k domain to trust the NT domain. When I try to map
    > from the w2k AD domain I get The trust relationship
    > between the Primary and the trusted domain failed. I get
    > admin alert messages (on w2k) saying message from NETLOGON
    > at"NT machine"
    >
    > Failed to authenticate with \\W2k DC, a windows NT domain
    > Controller for W2k.
    >
    > I just reset the "RestricAnonymous" on w2k DC's to 0.
    >
    > Every thing is on the Lan on one net sharing the same Wins
    > server.
    >
    > Everything pings out.
  4. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    I ran the netdom command and it ran successfully this
    time. I had all the netbios names in the cache. What
    else can I check?


    >-----Original Message-----
    >What error did you receive while attempting to use netdom?
    >Open a dos prompt immediately after unsuccessfully using
    >netdom to complete the trusts and run nbtstat -c and
    verify
    >the following netbios names are in the cache without
    conflict
    >domain names 1b, 1c and at least computer names 00, 20, 03
    >pertaining to the PDC/PDC emulator in the remote domain.
    >
    >"Randy" <aubuchon007@earthlink.net> wrote in message
    >> With MS on the phone we broke the trust and recreated
    with
    >> netdom. Netdom would not complete successfully. I do
    get
    >> the W2k domain to trust the NT domain. When I try to map
    >> from the w2k AD domain I get The trust relationship
    >> between the Primary and the trusted domain failed. I
    get
    >> admin alert messages (on w2k) saying message from
    NETLOGON
    >> at"NT machine"
    >>
    >> Failed to authenticate with \\W2k DC, a windows NT
    domain
    >> Controller for W2k.
    >>
    >> I just reset the "RestricAnonymous" on w2k DC's to 0.
    >>
    >> Every thing is on the Lan on one net sharing the same
    Wins
    >> server.
    >>
    >> Everything pings out.
    >
    >
    >.
    >
  5. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    So your problem is intermittant or do you see current
    5719s on the DCs in either domain?

    "Randy" <aubuchonz@earthlink.net> wrote in message
    >
    > I ran the netdom command and it ran successfully this
    > time. I had all the netbios names in the cache. What
    > else can I check?
  6. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    I see a couple on both domains on 4/15 which is when my
    problem started. I am also getting allot of 3210's. The
    problem does not seem intermittant. I am unable to map to
    the trusting domain (NT domain). Yesterday I ran
    nltest /sc_query:w2k from the nt domain and got an
    error_access_denied. Status 5 0x5. thanks for the help.


    >-----Original Message-----
    >So your problem is intermittant or do you see current
    >5719s on the DCs in either domain?
    >
    >"Randy" <aubuchonz@earthlink.net> wrote in message
    >>
    >> I ran the netdom command and it ran successfully this
    >> time. I had all the netbios names in the cache. What
    >> else can I check?
    >
    >
    >.
    >
  7. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Have you checked NTLM compatibility?

    "Randy" <anonymous@discussions.microsoft.com> wrote in message
    > I see a couple on both domains on 4/15 which is when my
    > problem started. I am also getting allot of 3210's. The
    > problem does not seem intermittant. I am unable to map to
    > the trusting domain (NT domain). Yesterday I ran
    > nltest /sc_query:w2k from the nt domain and got an
    > error_access_denied. Status 5 0x5. thanks for the help.
  8. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    I have knock down the AD DC's security policy to allow for
    downlevel clients. What is the best way to check NTLM
    compatibility?

    >-----Original Message-----
    >Have you checked NTLM compatibility?
    >
    >"Randy" <anonymous@discussions.microsoft.com> wrote in
    message
    >> I see a couple on both domains on 4/15 which is when my
    >> problem started. I am also getting allot of 3210's.
    The
    >> problem does not seem intermittant. I am unable to map
    to
    >> the trusting domain (NT domain). Yesterday I ran
    >> nltest /sc_query:w2k from the nt domain and got an
    >> error_access_denied. Status 5 0x5. thanks for the help.
    >
    >
    >.
    >
  9. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Compare the following on the DCs in each domain:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMcompatibilityl
    evel

    "Randy" <anonymous@discussions.microsoft.com> wrote in message
    >
    > I have knock down the AD DC's security policy to allow for
    > downlevel clients. What is the best way to check NTLM
    > compatibility?
    >
  10. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    It was set to 1 when I set it to 0 I can map from the
    console. Do you know what AD policy controls that reg
    setting?


    >-----Original Message-----
    >Compare the following on the DCs in each domain:
    >
    >HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LM
    compatibilityl
    >evel
    >
    >"Randy" <anonymous@discussions.microsoft.com> wrote in
    message
    >>
    >> I have knock down the AD DC's security policy to allow
    for
    >> downlevel clients. What is the best way to check NTLM
    >> compatibility?
    >>
    >
    >
    >.
    >
  11. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Network security: Lan Manager authentication level

    "Randy" <anonymous@discussions.microsoft.com> wrote in message
    > It was set to 1 when I set it to 0 I can map from the
    > console. Do you know what AD policy controls that reg
    > setting?
  12. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Its still not working do I need to break the trust and
    recreate?


    >-----Original Message-----
    >Network security: Lan Manager authentication level
    >
    >"Randy" <anonymous@discussions.microsoft.com> wrote in
    message
    >> It was set to 1 when I set it to 0 I can map from the
    >> console. Do you know what AD policy controls that reg
    >> setting?
    >
    >
    >.
    >
  13. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Yes. I would think the trusts were not properly established..

    "Randy" <anonymous@discussions.microsoft.com> wrote in message
    news:23ef01c427ce$bb71cc40$a601280a@phx.gbl...
    > Its still not working do I need to break the trust and
    > recreate?
    >
  14. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Well late yesterday after a reboot and recreating the
    trust with netdom, trust NT to W2k is working. It was the
    Lan Manager Authentication Level. I had it set to send lm
    and ntlm -use ntlmv2 session if negotiated. I set it down
    to send LM & NTLM responses. I have had it set the latter
    for a long time, I was suprised that it stopped working.
    I run SUS and some security patches rolled out last week.
    I think the patches must have change something with this
    setting. With viruses taking advandage of security
    vulnerabilities so quickly anymore. I hate to miss a
    security update or have to uninstall the update. Have you
    heard of any others having this problem? Thanks for your
    help. I love this newsgroup.


    >-----Original Message-----
    >Yes. I would think the trusts were not properly
    established..
    >
    >"Randy" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:23ef01c427ce$bb71cc40$a601280a@phx.gbl...
    >> Its still not working do I need to break the trust and
    >> recreate?
    >>
    >
    >
    >.
    >
  15. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    No actually I haven't heard a whole lot regarding this particular
    issue. I suppose it's possible the update may have reset the
    NTLM parameters as a security measure..

    "Randy" <anonymous@discussions.microsoft.com> wrote in message
    > Well late yesterday after a reboot and recreating the
    > trust with netdom, trust NT to W2k is working. It was the
    > Lan Manager Authentication Level. I had it set to send lm
    > and ntlm -use ntlmv2 session if negotiated. I set it down
    > to send LM & NTLM responses. I have had it set the latter
    > for a long time, I was suprised that it stopped working.
    > I run SUS and some security patches rolled out last week.
    > I think the patches must have change something with this
    > setting. With viruses taking advandage of security
    > vulnerabilities so quickly anymore. I hate to miss a
    > security update or have to uninstall the update. Have you
    > heard of any others having this problem? Thanks for your
    > help. I love this newsgroup.
  16. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    i agree
    Michael Giorgio - MS MVP <Michael.Giorgio@NoSpam.mayerson.com> wrote in
    message news:uqn7w98JEHA.3920@TK2MSFTNGP10.phx.gbl...
    > Yes. I would think the trusts were not properly established..
    >
    > "Randy" <anonymous@discussions.microsoft.com> wrote in message
    > news:23ef01c427ce$bb71cc40$a601280a@phx.gbl...
    > > Its still not working do I need to break the trust and
    > > recreate?
    > >
    >
    >
Ask a new question

Read More

Domain Resolution Microsoft Windows