Sign in with
Sign up | Sign in
Your question

RPC communication error while establishing trust from Wind..

Last response: in Windows 2000/NT
Share
March 21, 2005 8:24:09 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

We are getting following error while trying to establish trust relationship
between Windows 2003 and 2000

" The local security Authority is unable to obtain an RPC connection to the
domain controller <server name>. Please check that the name can be
resolved and that the server is available."

We have tried the following:

1) can ping 2000 machine from 2003 by IP address.
2) can ping 2003 machine from 2000 by IP address
3) can ping 2000 machine from 2003 by hostname.
4) can ping 2003 machine from 2000 by hostname
5) checked the DNS entries on both machines.
6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa

Trust is working from 2003 server to other 2000 servers of other locations.

Any clues?

Thanks.
Samir
Anonymous
March 21, 2005 8:24:10 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

Samir,

Generally, this error denotes bind issues with the domain. Have you run
DCDIAG and NETDIAG to see if you receive kerberos errors on your connection?
Post back the results.

-Allen Firouz

"Samir" wrote:

> We are getting following error while trying to establish trust relationship
> between Windows 2003 and 2000
>
> " The local security Authority is unable to obtain an RPC connection to the
> domain controller <server name>. Please check that the name can be
> resolved and that the server is available."
>
> We have tried the following:
>
> 1) can ping 2000 machine from 2003 by IP address.
> 2) can ping 2003 machine from 2000 by IP address
> 3) can ping 2000 machine from 2003 by hostname.
> 4) can ping 2003 machine from 2000 by hostname
> 5) checked the DNS entries on both machines.
> 6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa
>
> Trust is working from 2003 server to other 2000 servers of other locations.
>
> Any clues?
>
> Thanks.
> Samir
>
>
>
>
Anonymous
March 21, 2005 8:24:10 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

Samir,

We have been talking about trusts a bit this week in the NGs. Remember that
trusts require NetBios resolution. So, while a ping can tell you a lot
about connectivity (ICMP traffic passes and DNS resolution) it doesn't give
you the whole picture.

The quick and dirty way to do this is to add a line in your LMHOSTS file
with the DOMAIN pointing to the PDC emulator from each to the reciprocal
domain. If you have multiple subnets or need this available wide-spread,
you may want to consider WINS to traverse NetBIOS resolution across subnets.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"Samir" <samir@bsil.com> wrote in message
news:%23LUL6wgLFHA.2468@tk2msftngp13.phx.gbl...
> We are getting following error while trying to establish trust
> relationship
> between Windows 2003 and 2000
>
> " The local security Authority is unable to obtain an RPC connection to
> the
> domain controller <server name>. Please check that the name can be
> resolved and that the server is available."
>
> We have tried the following:
>
> 1) can ping 2000 machine from 2003 by IP address.
> 2) can ping 2003 machine from 2000 by IP address
> 3) can ping 2000 machine from 2003 by hostname.
> 4) can ping 2003 machine from 2000 by hostname
> 5) checked the DNS entries on both machines.
> 6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa
>
> Trust is working from 2003 server to other 2000 servers of other
> locations.
>
> Any clues?
>
> Thanks.
> Samir
>
>
>
March 22, 2005 7:17:05 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

DCDIAG and NETDIAG passed most of the tests including Kerberos on both 2003
and 2000. WINS gives warning as we are not using it and 'DC List Test'
failed on 2000.

LMHOST file is configured with necessary entries to point to NetBIOS name of
remote domain.

Error remains the same, even after modifying LMHOST.

Regards,
Samir


"Allen Firouz" <AllenFirouz@discussions.microsoft.com> wrote in message
news:A6B7EF8F-4E5C-4C73-805A-BC0E5EAED318@microsoft.com...
> Samir,
>
> Generally, this error denotes bind issues with the domain. Have you run
> DCDIAG and NETDIAG to see if you receive kerberos errors on your
connection?
> Post back the results.
>
> -Allen Firouz
>
> "Samir" wrote:
>
> > We are getting following error while trying to establish trust
relationship
> > between Windows 2003 and 2000
> >
> > " The local security Authority is unable to obtain an RPC connection to
the
> > domain controller <server name>. Please check that the name can be
> > resolved and that the server is available."
> >
> > We have tried the following:
> >
> > 1) can ping 2000 machine from 2003 by IP address.
> > 2) can ping 2003 machine from 2000 by IP address
> > 3) can ping 2000 machine from 2003 by hostname.
> > 4) can ping 2003 machine from 2000 by hostname
> > 5) checked the DNS entries on both machines.
> > 6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa
> >
> > Trust is working from 2003 server to other 2000 servers of other
locations.
> >
> > Any clues?
> >
> > Thanks.
> > Samir
> >
> >
> >
> >
Anonymous
March 23, 2005 12:48:18 AM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.setup,microsoft.public.windows.server.active_directory,microsoft.public.windows.server.setup (More info?)

Hi Samir,
Did you try to use Port Query Tool.
Port Query (Portqry.exe and Portqueryui.exe)
Port Query is a free tool from Microsoft that you can use to help
troubleshoot TCP/IP connectivity issues for specific types of
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
traffic.

PortQry Command Line Port Scanner Version 2.0:
http://www.microsoft.com/downloads/details.aspx?FamilyI...

PortQryUI - User Interface for the PortQry Command Line Port:
http://www.microsoft.com/downloads/details.aspx?familyi...

http://support.microsoft.com/kb/832919#5

Athif
!