Trust Relationships

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I'm having some problem with Trust relationships.
We have established Trusts between several of our Widnows 2000 AD domains.
These establish fine and work fine (for a while, anyway).
Almost once a week, the Trusts need to be reset as they fail. There are
about 6 Trusts in place and differenet Trusts seem to require resetting each
time (some more than others).
What are the known reasons for Trusts failing and why does the Reset then
re-establish the Trust OK?
Is there anything we can do to avoid having to reset these so often?

I should mention that the Trusts aren't used very frequently. Mainly for an
SQL server job which connect to each site every week. Do Trusts timeout due
to inactivity?

Many thanks

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> I'm having some problem with Trust relationships.
> We have established Trusts between several of our Widnows 2000
> AD domains.
> These establish fine and work fine (for a while, anyway).
> Almost once a week, the Trusts need to be reset as they fail.
> There are
> about 6 Trusts in place and differenet Trusts seem to require
> resetting each
> time (some more than others).
> What are the known reasons for Trusts failing and why does the
> Reset then
> re-establish the Trust OK?
> Is there anything we can do to avoid having to reset these so
> often?
>
> I should mention that the Trusts aren't used very frequently.
> Mainly for an
> SQL server job which connect to each site every week. Do
> Trusts timeout due
> to inactivity?
>
> Many thanks

every week you say?.... as you may know truts also have passwords.
Trust passwords are changed every 7 days.

What the errors and event id on the DCs?

Cheers,

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-Trust-Relationships-ftopict553376.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1755925

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

As a preventative step it might be worth hosting a secondary DNS zone for
each of the various domains in every other domain to ensure that they are
able to locate the needed machines to reset the trust password. As Jorge
indicated the Event logs would be very helpful in troubleshooting this
issue.

You can also use the nltest utility to troubleshoot the secure channel
chain.

From a command prompt, type:
F:\ReskitTools\>nltest /sc_query:%domainname%
(where the %domainname% is the Netbios name of the domain the client is in).

It should show the following information:
Flags:
Trusted DC Name
Trusted DC Connection Status Status =
The command completed successfully

You can then go to that trusted DC and do the nltest command to the trusted
domain, if that succeeds, you can walk the chain back up the other direction
from the resource in the trusted domain to see where the trusts come
together.

After checking the Event Logs and running the nltest command against each of
the domains, you should have your answer, or more information to post for us
to help further. If this does not lead you to the answer, you may have some
necessary port blocked between the two domains. You can use Network Monitor
(or Ethereal) on both sides of the trust to trace the creation of the trust
and verification of the trust, but I suspect that the network is not the
problem, or you wouldn't get success when initially setting the trust up.

Post your results so we can follow up.


Mike Shepperd




"Jorge_de_Almeida_Pinto" <UseLinkToEmail@WindowsForumz.com> wrote in message
news:3_1755925_d9f4749de03399d481d4554c9d24fa41@windowsforumz.com...
> "" wrote:
> > I'm having some problem with Trust relationships.
> > We have established Trusts between several of our Widnows 2000
> > AD domains.
> > These establish fine and work fine (for a while, anyway).
> > Almost once a week, the Trusts need to be reset as they fail.
> > There are
> > about 6 Trusts in place and differenet Trusts seem to require
> > resetting each
> > time (some more than others).
> > What are the known reasons for Trusts failing and why does the
> > Reset then
> > re-establish the Trust OK?
> > Is there anything we can do to avoid having to reset these so
> > often?
> >
> > I should mention that the Trusts aren't used very frequently.
> > Mainly for an
> > SQL server job which connect to each site every week. Do
> > Trusts timeout due
> > to inactivity?
> >
> > Many thanks
>
> every week you say?.... as you may know truts also have passwords.
> Trust passwords are changed every 7 days.
>
> What the errors and event id on the DCs?
>
> Cheers,
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
> request
> Articles individually checked for conformance to usenet standards
> Topic URL:
> http://www.windowsforumz.com/Active-Directory-Trust-Relationships-ftopict553376.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
> http://www.windowsforumz.com/eform.php?p=1755925