NT 4 trusts problems between domains

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hello to all.

This is my first post here, so if I make any mistakes, my apologies.

I’m having serious problems trying to connect 2 domains, linked by a link with 2 routers (domains are in different locations). I’m trying to establish Trusts between them so that domain B users can access files in domain B, but so far all I can do is establish “Trusting�; it is impossible to establish “Trusted�.

In domain A, I managed to mark B as Trusting
In domain B, I managed to mark A as Trusting

But, when I try to add either as “Trusted� all I get is “Domain cannot be found�. The weirdest part is that, in the PDC of domain A, I can access and use shares from domain B (but not the reverse). Also, I can ping either PDC when using PDC (ping PDC A from PDC B and PDC B from A) but not workstations.

Any ideas on what might be the problem? Can the routers be responsible? Am I missing some service/option/config?

ANY help appreciated

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi Joao,

"Joao Luis Rita" <Joao Luis Rita@discussions.microsoft.com> wrote in
message news:
> Hello to all.
>
> This is my first post here,

Welcome..

>so if I make any mistakes, my apologies.

No worries.

>
> I'm having serious problems trying to connect 2 domains, linked by a
link with 2 routers (domains are in different locations). I'm trying to
establish Trusts between them so that domain B users can access files in
domain B, but so far all I can do is establish "Trusting"; it is
impossible to establish "Trusted".
>
> In domain A, I managed to mark B as Trusting
> In domain B, I managed to mark A as Trusting
>
> But, when I try to add either as "Trusted" all I get is "Domain cannot
be found". The weirdest part is that, in the PDC of domain A, I can
access and use shares from domain B (but not the reverse). Also, I can
ping either PDC when using PDC (ping PDC A from PDC B and PDC B from A)
but not workstations.
>
> Any ideas on what might be the problem? Can the routers be
responsible? Am I missing some service/option/config?

Ping is not enough to establish a trust relationship. A trust
relationship requires NetBIOS name resolution of some
sort e.g., WINS or lmhosts assuming they are on different
subnets. Immediately after attempting to establish the trust
relationship open a dos prompt and run nbtstat -c and verify
at least the following netbios names are in the cache without
conflict and pertaining to the remote PDC:
Domain name 1b, 1c and computer names 00, 03, and 20.
If they are in the cache then something is blocking the Netbios
packets either the routers seperating the two sites or either
machine running software firewall e.g, Nortons personal firewall.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

> Ping is not enough to establish a trust relationship. A trust
> relationship requires NetBIOS name resolution of some
> sort e.g., WINS or lmhosts assuming they are on different
> subnets. Immediately after attempting to establish the trust
> relationship open a dos prompt and run nbtstat -c and verify
> at least the following netbios names are in the cache without
> conflict and pertaining to the remote PDC:
> Domain name 1b, 1c and computer names 00, 03, and 20.
> If they are in the cache then something is blocking the Netbios
> packets either the routers seperating the two sites or either
> machine running software firewall e.g, Nortons personal firewall.

I tried from domain A and got "no names in cache". Since I don't have software firewalls, would this mean that it's the router's fault?

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

"João Luis Rita" <Joo Luis Rita@discussions.microsoft.com> wrote in
message news:
> > Ping is not enough to establish a trust relationship. A trust
> > relationship requires NetBIOS name resolution of some
> > sort e.g., WINS or lmhosts assuming they are on different
> > subnets. Immediately after attempting to establish the trust
> > relationship open a dos prompt and run nbtstat -c and verify
> > at least the following netbios names are in the cache without
> > conflict and pertaining to the remote PDC:
> > Domain name 1b, 1c and computer names 00, 03, and 20.
> > If they are in the cache then something is blocking the Netbios
> > packets either the routers seperating the two sites or either
> > machine running software firewall e.g, Nortons personal firewall.
>
> I tried from domain A and got "no names in cache". Since I don't have
software firewalls, would this mean that it's the router's fault?

Are you running WINS? Did you try immediately after attempting to
establish the trust relationship? The names will not show up in the
cache until a connection attempt is made or if it's pre loaded with a
lmhosts file. By default the names will stay in the cache for 600 secs
or 10 minutes unless you are using lmhosts then they stay in the remote
name table.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

> Are you running WINS? Did you try immediately after attempting to
> establish the trust relationship? The names will not show up in the
> cache until a connection attempt is made or if it's pre loaded with a
> lmhosts file. By default the names will stay in the cache for 600 secs
> or 10 minutes unless you are using lmhosts then they stay in the remote
> name table.

WINS it's running, and the IP of domain's B PDC is in it. I've just checked and it is also in the lmhosts AND hosts file (I didn't install this server...)

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

"Joao Luis Rita" <Joao Luis Rita@discussions.microsoft.com> wrote in
message news:
> > Are you running WINS? Did you try immediately after attempting to
> > establish the trust relationship? The names will not show up in the
> > cache until a connection attempt is made or if it's pre loaded with
a
> > lmhosts file. By default the names will stay in the cache for 600
secs
> > or 10 minutes unless you are using lmhosts then they stay in the
remote
> > name table.
>
> WINS it's running, and the IP of domain's B PDC is in it. I've just
checked and it is also in the lmhosts AND hosts file (I didn't install
this server...)

Did you attempt to establish the trusts and then run the nbtstat -c
command?

The lmhosts file is either not setup correctly or lmhosts lookup is
not checked in the tcp/ip properties.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

> Did you attempt to establish the trusts and then run the nbtstat -c
> command?
> The lmhosts file is either not setup correctly or lmhosts lookup is
> not checked in the tcp/ip properties.

Re-entered it into TCP/IP (reboot) then retried; still "can't find the domain" but now nbtstat -c shows domain's B PCD in Netbios remote cache.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

What exactly does it show? If all of the
netbios names mentioned in a previous
post of mine are there then something is
blocking NetBIOS
"Joao Luis Rita" <JoaoLuisRita@discussions.microsoft.com> wrote in
message news:
>
> > Did you attempt to establish the trusts and then run the nbtstat -c
> > command?
> > The lmhosts file is either not setup correctly or lmhosts lookup is
> > not checked in the tcp/ip properties.
>
> Re-entered it into TCP/IP (reboot) then retried; still "can't find the
domain" but now nbtstat -c shows domain's B PCD in Netbios remote cache.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

"Michael Giorgio - MS MVP" wrote:

> What exactly does it show? If all of the
> netbios names mentioned in a previous
> post of mine are there then something is
> blocking NetBIOS

Hello again and good afternoon

The list showed looked like what you wrote on the post. I've contacted our local telecomm company to check out the routers. I'll let you know any news ASAP.

Thanks for all the help and patience!

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Finnally fixed it. I was router problems (plus some mis-cofigurated files...)

Thanks a lot for the help