M
Michael Salm, MCSE, CCNA
Greetings all. I have a small AD domain with non-transitive bi-directional
trusts to an NT domain. The AD domain was populated using the ADMT, and the
SIDHistory attribute was included in the migration. NTFS was set up to
allow access to shared resources, and we continue to use an Exchange 5.5
server in the NT domain. Users sign into the AD domain The systems have
been up for about a year with no issues.
Yesterday the trust failed. If you try to verify the trusts in the Active
Directory Domains & Trusts MMC you get the following:
The secure channel (SC) query on domain controller <\\FQDN of AD domain
controller> of domain <AD domain> to domain <NT domain> failed with error:
Access is denied
An SC reset will now be attempted
The SC reset goes on to fail, also with an "Access Denied". I've also tried
to reset the trusts using NetDom, but still get an "Access Denied". I've
set up auditing in the default domain policy, but nothing is appearing in
the Security Log. In the System Log I did find intermittent Event ID 3210,
Source = Netlogon, description = "Failed to authenticate with <NT PDC>, a
Windows NT or Windows 2000 domain controller for domain <NT Domain>.
At this point the only option I can think of is to delete the trust and
reboot both the NT and AD domain controllers in hopes that we can rebuild
the trusts. If anyone can think of something less drastic than rebooting
production servers, I'd be in your debt.
TIA
trusts to an NT domain. The AD domain was populated using the ADMT, and the
SIDHistory attribute was included in the migration. NTFS was set up to
allow access to shared resources, and we continue to use an Exchange 5.5
server in the NT domain. Users sign into the AD domain The systems have
been up for about a year with no issues.
Yesterday the trust failed. If you try to verify the trusts in the Active
Directory Domains & Trusts MMC you get the following:
The secure channel (SC) query on domain controller <\\FQDN of AD domain
controller> of domain <AD domain> to domain <NT domain> failed with error:
Access is denied
An SC reset will now be attempted
The SC reset goes on to fail, also with an "Access Denied". I've also tried
to reset the trusts using NetDom, but still get an "Access Denied". I've
set up auditing in the default domain policy, but nothing is appearing in
the Security Log. In the System Log I did find intermittent Event ID 3210,
Source = Netlogon, description = "Failed to authenticate with <NT PDC>, a
Windows NT or Windows 2000 domain controller for domain <NT Domain>.
At this point the only option I can think of is to delete the trust and
reboot both the NT and AD domain controllers in hopes that we can rebuild
the trusts. If anyone can think of something less drastic than rebooting
production servers, I'd be in your debt.
TIA