Sign in with
Sign up | Sign in
Your question

NT trust to W2K Ad stopped working last Wednesday

Last response: in Windows 2000/NT
Share
April 20, 2004 3:41:51 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

My trust to two nt resource domains quit working last
week. Is there any body else that has the same problem?
I have been workink on this with MS and still no
resolution. Thanks in advance.
Anonymous
April 20, 2004 7:03:44 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

It's actually pretty common but there a number of
reasons the trusts quit working e.g., Cable, NIC,
routing, name resolution, or something blocking the
necessary netbios ports like a personal firewall ect.
ect. Can you give us more details of what symptoms
you are seeing and what you have tried unsuccessfully?


"Randy" <aubuchon007@earthlink.net> wrote in message
> My trust to two nt resource domains quit working last
> week. Is there any body else that has the same problem?
> I have been workink on this with MS and still no
> resolution. Thanks in advance.
April 20, 2004 7:03:45 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

With MS on the phone we broke the trust and recreated with
netdom. Netdom would not complete successfully. I do get
the W2k domain to trust the NT domain. When I try to map
from the w2k AD domain I get The trust relationship
between the Primary and the trusted domain failed. I get
admin alert messages (on w2k) saying message from NETLOGON
at"NT machine"

Failed to authenticate with \\W2k DC, a windows NT domain
Controller for W2k.

I just reset the "RestricAnonymous" on w2k DC's to 0.

Every thing is on the Lan on one net sharing the same Wins
server.

Everything pings out.




>-----Original Message-----
>It's actually pretty common but there a number of
>reasons the trusts quit working e.g., Cable, NIC,
>routing, name resolution, or something blocking the
>necessary netbios ports like a personal firewall ect.
>ect. Can you give us more details of what symptoms
>you are seeing and what you have tried unsuccessfully?
>
>
>"Randy" <aubuchon007@earthlink.net> wrote in message
>> My trust to two nt resource domains quit working last
>> week. Is there any body else that has the same problem?
>> I have been workink on this with MS and still no
>> resolution. Thanks in advance.
>
>
>.
Anonymous
April 20, 2004 7:36:54 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

What error did you receive while attempting to use netdom?
Open a dos prompt immediately after unsuccessfully using
netdom to complete the trusts and run nbtstat -c and verify
the following netbios names are in the cache without conflict
domain names 1b, 1c and at least computer names 00, 20, 03
pertaining to the PDC/PDC emulator in the remote domain.

"Randy" <aubuchon007@earthlink.net> wrote in message
> With MS on the phone we broke the trust and recreated with
> netdom. Netdom would not complete successfully. I do get
> the W2k domain to trust the NT domain. When I try to map
> from the w2k AD domain I get The trust relationship
> between the Primary and the trusted domain failed. I get
> admin alert messages (on w2k) saying message from NETLOGON
> at"NT machine"
>
> Failed to authenticate with \\W2k DC, a windows NT domain
> Controller for W2k.
>
> I just reset the "RestricAnonymous" on w2k DC's to 0.
>
> Every thing is on the Lan on one net sharing the same Wins
> server.
>
> Everything pings out.
April 20, 2004 7:36:55 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I ran the netdom command and it ran successfully this
time. I had all the netbios names in the cache. What
else can I check?


>-----Original Message-----
>What error did you receive while attempting to use netdom?
>Open a dos prompt immediately after unsuccessfully using
>netdom to complete the trusts and run nbtstat -c and
verify
>the following netbios names are in the cache without
conflict
>domain names 1b, 1c and at least computer names 00, 20, 03
>pertaining to the PDC/PDC emulator in the remote domain.
>
>"Randy" <aubuchon007@earthlink.net> wrote in message
>> With MS on the phone we broke the trust and recreated
with
>> netdom. Netdom would not complete successfully. I do
get
>> the W2k domain to trust the NT domain. When I try to map
>> from the w2k AD domain I get The trust relationship
>> between the Primary and the trusted domain failed. I
get
>> admin alert messages (on w2k) saying message from
NETLOGON
>> at"NT machine"
>>
>> Failed to authenticate with \\W2k DC, a windows NT
domain
>> Controller for W2k.
>>
>> I just reset the "RestricAnonymous" on w2k DC's to 0.
>>
>> Every thing is on the Lan on one net sharing the same
Wins
>> server.
>>
>> Everything pings out.
>
>
>.
>
Anonymous
April 20, 2004 9:09:45 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

So your problem is intermittant or do you see current
5719s on the DCs in either domain?

"Randy" <aubuchonz@earthlink.net> wrote in message
>
> I ran the netdom command and it ran successfully this
> time. I had all the netbios names in the cache. What
> else can I check?
April 21, 2004 12:04:48 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I see a couple on both domains on 4/15 which is when my
problem started. I am also getting allot of 3210's. The
problem does not seem intermittant. I am unable to map to
the trusting domain (NT domain). Yesterday I ran
nltest /sc_query:w2k from the nt domain and got an
error_access_denied. Status 5 0x5. thanks for the help.


>-----Original Message-----
>So your problem is intermittant or do you see current
>5719s on the DCs in either domain?
>
>"Randy" <aubuchonz@earthlink.net> wrote in message
>>
>> I ran the netdom command and it ran successfully this
>> time. I had all the netbios names in the cache. What
>> else can I check?
>
>
>.
>
Anonymous
April 21, 2004 3:11:36 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Have you checked NTLM compatibility?

"Randy" <anonymous@discussions.microsoft.com> wrote in message
> I see a couple on both domains on 4/15 which is when my
> problem started. I am also getting allot of 3210's. The
> problem does not seem intermittant. I am unable to map to
> the trusting domain (NT domain). Yesterday I ran
> nltest /sc_query:w2k from the nt domain and got an
> error_access_denied. Status 5 0x5. thanks for the help.
April 21, 2004 3:11:37 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I have knock down the AD DC's security policy to allow for
downlevel clients. What is the best way to check NTLM
compatibility?

>-----Original Message-----
>Have you checked NTLM compatibility?
>
>"Randy" <anonymous@discussions.microsoft.com> wrote in
message
>> I see a couple on both domains on 4/15 which is when my
>> problem started. I am also getting allot of 3210's.
The
>> problem does not seem intermittant. I am unable to map
to
>> the trusting domain (NT domain). Yesterday I ran
>> nltest /sc_query:w2k from the nt domain and got an
>> error_access_denied. Status 5 0x5. thanks for the help.
>
>
>.
>
Anonymous
April 21, 2004 4:02:57 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Compare the following on the DCs in each domain:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMcompatibilityl
evel

"Randy" <anonymous@discussions.microsoft.com> wrote in message
>
> I have knock down the AD DC's security policy to allow for
> downlevel clients. What is the best way to check NTLM
> compatibility?
>
April 21, 2004 4:02:58 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

It was set to 1 when I set it to 0 I can map from the
console. Do you know what AD policy controls that reg
setting?


>-----Original Message-----
>Compare the following on the DCs in each domain:
>
>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LM
compatibilityl
>evel
>
>"Randy" <anonymous@discussions.microsoft.com> wrote in
message
>>
>> I have knock down the AD DC's security policy to allow
for
>> downlevel clients. What is the best way to check NTLM
>> compatibility?
>>
>
>
>.
>
Anonymous
April 21, 2004 4:34:41 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Network security: Lan Manager authentication level

"Randy" <anonymous@discussions.microsoft.com> wrote in message
> It was set to 1 when I set it to 0 I can map from the
> console. Do you know what AD policy controls that reg
> setting?
April 21, 2004 4:34:42 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Its still not working do I need to break the trust and
recreate?


>-----Original Message-----
>Network security: Lan Manager authentication level
>
>"Randy" <anonymous@discussions.microsoft.com> wrote in
message
>> It was set to 1 when I set it to 0 I can map from the
>> console. Do you know what AD policy controls that reg
>> setting?
>
>
>.
>
Anonymous
April 21, 2004 6:33:36 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Yes. I would think the trusts were not properly established..

"Randy" <anonymous@discussions.microsoft.com> wrote in message
news:23ef01c427ce$bb71cc40$a601280a@phx.gbl...
> Its still not working do I need to break the trust and
> recreate?
>
April 22, 2004 10:16:26 AM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Well late yesterday after a reboot and recreating the
trust with netdom, trust NT to W2k is working. It was the
Lan Manager Authentication Level. I had it set to send lm
and ntlm -use ntlmv2 session if negotiated. I set it down
to send LM & NTLM responses. I have had it set the latter
for a long time, I was suprised that it stopped working.
I run SUS and some security patches rolled out last week.
I think the patches must have change something with this
setting. With viruses taking advandage of security
vulnerabilities so quickly anymore. I hate to miss a
security update or have to uninstall the update. Have you
heard of any others having this problem? Thanks for your
help. I love this newsgroup.




>-----Original Message-----
>Yes. I would think the trusts were not properly
established..
>
>"Randy" <anonymous@discussions.microsoft.com> wrote in
message
>news:23ef01c427ce$bb71cc40$a601280a@phx.gbl...
>> Its still not working do I need to break the trust and
>> recreate?
>>
>
>
>.
>
Anonymous
April 22, 2004 2:28:07 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

No actually I haven't heard a whole lot regarding this particular
issue. I suppose it's possible the update may have reset the
NTLM parameters as a security measure..

"Randy" <anonymous@discussions.microsoft.com> wrote in message
> Well late yesterday after a reboot and recreating the
> trust with netdom, trust NT to W2k is working. It was the
> Lan Manager Authentication Level. I had it set to send lm
> and ntlm -use ntlmv2 session if negotiated. I set it down
> to send LM & NTLM responses. I have had it set the latter
> for a long time, I was suprised that it stopped working.
> I run SUS and some security patches rolled out last week.
> I think the patches must have change something with this
> setting. With viruses taking advandage of security
> vulnerabilities so quickly anymore. I hate to miss a
> security update or have to uninstall the update. Have you
> heard of any others having this problem? Thanks for your
> help. I love this newsgroup.
Anonymous
May 15, 2004 7:12:19 PM

Archived from groups: microsoft.public.windowsnt.domain (More info?)

i agree
Michael Giorgio - MS MVP <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:uqn7w98JEHA.3920@TK2MSFTNGP10.phx.gbl...
> Yes. I would think the trusts were not properly established..
>
> "Randy" <anonymous@discussions.microsoft.com> wrote in message
> news:23ef01c427ce$bb71cc40$a601280a@phx.gbl...
> > Its still not working do I need to break the trust and
> > recreate?
> >
>
>
!