RPC communication error while establishing trust from Wind..

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

We are getting following error while trying to establish trust relationship
between Windows 2003 and 2000

" The local security Authority is unable to obtain an RPC connection to the
domain controller <server name>. Please check that the name can be
resolved and that the server is available."

We have tried the following:

1) can ping 2000 machine from 2003 by IP address.
2) can ping 2003 machine from 2000 by IP address
3) can ping 2000 machine from 2003 by hostname.
4) can ping 2003 machine from 2000 by hostname
5) checked the DNS entries on both machines.
6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa

Trust is working from 2003 server to other 2000 servers of other locations.

Any clues?

Thanks.
Samir
4 answers Last reply
More about communication error establishing trust wind
  1. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

    Samir,

    Generally, this error denotes bind issues with the domain. Have you run
    DCDIAG and NETDIAG to see if you receive kerberos errors on your connection?
    Post back the results.

    -Allen Firouz

    "Samir" wrote:

    > We are getting following error while trying to establish trust relationship
    > between Windows 2003 and 2000
    >
    > " The local security Authority is unable to obtain an RPC connection to the
    > domain controller <server name>. Please check that the name can be
    > resolved and that the server is available."
    >
    > We have tried the following:
    >
    > 1) can ping 2000 machine from 2003 by IP address.
    > 2) can ping 2003 machine from 2000 by IP address
    > 3) can ping 2000 machine from 2003 by hostname.
    > 4) can ping 2003 machine from 2000 by hostname
    > 5) checked the DNS entries on both machines.
    > 6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa
    >
    > Trust is working from 2003 server to other 2000 servers of other locations.
    >
    > Any clues?
    >
    > Thanks.
    > Samir
    >
    >
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

    Samir,

    We have been talking about trusts a bit this week in the NGs. Remember that
    trusts require NetBios resolution. So, while a ping can tell you a lot
    about connectivity (ICMP traffic passes and DNS resolution) it doesn't give
    you the whole picture.

    The quick and dirty way to do this is to add a line in your LMHOSTS file
    with the DOMAIN pointing to the PDC emulator from each to the reciprocal
    domain. If you have multiple subnets or need this available wide-spread,
    you may want to consider WINS to traverse NetBIOS resolution across subnets.

    --
    Ryan Hanisco
    MCSE, MCDBA
    FlagShip Integration Services
    Chicago, IL

    "Samir" <samir@bsil.com> wrote in message
    news:%23LUL6wgLFHA.2468@tk2msftngp13.phx.gbl...
    > We are getting following error while trying to establish trust
    > relationship
    > between Windows 2003 and 2000
    >
    > " The local security Authority is unable to obtain an RPC connection to
    > the
    > domain controller <server name>. Please check that the name can be
    > resolved and that the server is available."
    >
    > We have tried the following:
    >
    > 1) can ping 2000 machine from 2003 by IP address.
    > 2) can ping 2003 machine from 2000 by IP address
    > 3) can ping 2000 machine from 2003 by hostname.
    > 4) can ping 2003 machine from 2000 by hostname
    > 5) checked the DNS entries on both machines.
    > 6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa
    >
    > Trust is working from 2003 server to other 2000 servers of other
    > locations.
    >
    > Any clues?
    >
    > Thanks.
    > Samir
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

    DCDIAG and NETDIAG passed most of the tests including Kerberos on both 2003
    and 2000. WINS gives warning as we are not using it and 'DC List Test'
    failed on 2000.

    LMHOST file is configured with necessary entries to point to NetBIOS name of
    remote domain.

    Error remains the same, even after modifying LMHOST.

    Regards,
    Samir


    "Allen Firouz" <AllenFirouz@discussions.microsoft.com> wrote in message
    news:A6B7EF8F-4E5C-4C73-805A-BC0E5EAED318@microsoft.com...
    > Samir,
    >
    > Generally, this error denotes bind issues with the domain. Have you run
    > DCDIAG and NETDIAG to see if you receive kerberos errors on your
    connection?
    > Post back the results.
    >
    > -Allen Firouz
    >
    > "Samir" wrote:
    >
    > > We are getting following error while trying to establish trust
    relationship
    > > between Windows 2003 and 2000
    > >
    > > " The local security Authority is unable to obtain an RPC connection to
    the
    > > domain controller <server name>. Please check that the name can be
    > > resolved and that the server is available."
    > >
    > > We have tried the following:
    > >
    > > 1) can ping 2000 machine from 2003 by IP address.
    > > 2) can ping 2003 machine from 2000 by IP address
    > > 3) can ping 2000 machine from 2003 by hostname.
    > > 4) can ping 2003 machine from 2000 by hostname
    > > 5) checked the DNS entries on both machines.
    > > 6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa
    > >
    > > Trust is working from 2003 server to other 2000 servers of other
    locations.
    > >
    > > Any clues?
    > >
    > > Thanks.
    > > Samir
    > >
    > >
    > >
    > >
  4. Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

    Hi Samir,
    Did you try to use Port Query Tool.
    Port Query (Portqry.exe and Portqueryui.exe)
    Port Query is a free tool from Microsoft that you can use to help
    troubleshoot TCP/IP connectivity issues for specific types of
    Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
    traffic.

    PortQry Command Line Port Scanner Version 2.0:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=89811747-c74b-4638-a2d5-ac828bdc6983&DisplayLang=en

    PortQryUI - User Interface for the PortQry Command Line Port:
    http://www.microsoft.com/downloads/details.aspx?familyid=8355e537-1ea6-4569-aabb-f248f4bd91d0&displaylang=en

    http://support.microsoft.com/kb/832919#5

    Athif
Ask a new question

Read More

Active Directory Microsoft Servers Windows