RPC communication error while establishing trust from Windows 2003 to 2000


Samir

We are getting the following error while trying to establish a trust relationship
between Windows 2003 and 2000:

" The local security Authority is unable to obtain an RPC connection to the
domain controller <server name>. Please check that the name can be
resolved and that the server is available."

We have tried the following:

1) can ping 2000 machine from 2003 by IP address.
2) can ping 2003 machine from 2000 by IP address
3) can ping 2000 machine from 2003 by hostname.
4) can ping 2003 machine from 2000 by hostname
5) checked the DNS entries on both machines.
6) checked telnet to port 135, 389 from 2003 to 2000 and vice versa

Trust is working from the 2003 server to other 2000 servers at other locations.

Any clues?

Thanks.
Samir
 
Samir,

Generally, this error denotes bind issues with the domain. Have you run
DCDIAG and NETDIAG to see if you receive Kerberos errors on your connection?
Post back the results.

-Allen Firouz
 
Samir,

We have been talking about trusts a bit this week in the NGs. Remember that
trusts require NetBIOS resolution. So, while a ping can tell you a lot
about connectivity (ICMP traffic passes and DNS resolution) it doesn't give
you the whole picture.

The quick and dirty way to do this is to add a line in your LMHOSTS file
with the DOMAIN pointing to the PDC emulator from each to the reciprocal
domain. If you have multiple subnets or need this available wide-spread,
you may want to consider WINS to traverse NetBIOS resolution across subnets.
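
An added example, not part of the thread: a small checker for the kind of LMHOSTS domain entries suggested above. The rules it applies (exactly 20 characters inside the quotes of a `\0x1b` entry, upper-case `#PRE`/`#DOM`, `#PRE` alongside `#DOM`) come from Microsoft's LMHOSTS documentation rather than from this thread, and all names and addresses are constructed.

```python
import re

# <ip> then a quoted or bare NetBIOS name, then the trailing tags
ENTRY = re.compile(r'(\S+)\s+(?:"([^"]*)"|(\S+))\s*(.*)$')

def check_lmhosts(text):
    """Return (line_no, issue) pairs for entries NetBIOS will not use as intended."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = ENTRY.match(line)
        if not line or line.startswith("#") or not m:
            continue  # blank line, comment or directive such as #INCLUDE
        _ip, quoted, bare, rest = m.groups()
        # "DOMAIN<pad to 15>\0x1b": 15-char padded name + 5-char suffix = 20
        if quoted is not None and "\\0x" in quoted.lower() and len(quoted) != 20:
            findings.append((no, "quoted name is %d chars, needs 20" % len(quoted)))
        if bare is not None and len(bare) > 15:
            findings.append((no, "NetBIOS name longer than 15 chars"))
        tags = re.findall(r"#(PRE|DOM)\b", rest, re.I)
        if any(t != t.upper() for t in tags):
            findings.append((no, "#PRE/#DOM must be upper case"))
        upper = {t.upper() for t in tags}
        if "DOM" in upper and "PRE" not in upper:
            findings.append((no, "#DOM entry without #PRE is not preloaded"))
    return findings

# Constructed sample file: lines 1-2 are well formed, lines 3-5 are not.
SAMPLE = "\n".join([
    "10.1.1.5  DC2000  #PRE #DOM:CORP",
    '10.1.1.5  "' + "CORP".ljust(15) + r'\0x1b"  #PRE',
    r'10.1.1.6  "BRANCH \0x1b"  #PRE',
    "10.1.1.7  DC2003  #pre #dom:HQ",
    "10.1.1.8  DC2003B  #DOM:HQ",
])

if __name__ == "__main__":
    for no, issue in check_lmhosts(SAMPLE):
        print("line %d: %s" % (no, issue))
```

After correcting an entry, `nbtstat -R` reloads the `#PRE` entries and `nbtstat -c` shows what was actually cached.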
 
DCDIAG and NETDIAG passed most of the tests including Kerberos on both 2003
and 2000. WINS gives a warning as we are not using it and 'DC List Test'
failed on 2000.

The LMHOSTS file is configured with the necessary entries to point to the NetBIOS name of
the remote domain.

The error remains the same, even after modifying LMHOSTS.

Regards,
Samir
 
Hi Samir,
Did you try to use the Port Query tool?
Port Query (Portqry.exe and Portqueryui.exe)
Port Query is a free tool from Microsoft that you can use to help
troubleshoot TCP/IP connectivity issues for specific types of
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
traffic.

PortQry Command Line Port Scanner Version 2.0:
http://www.microsoft.com/downloads/...47-c74b-4638-a2d5-ac828bdc6983&DisplayLang=en

PortQryUI - User Interface for the PortQry Command Line Port:
http://www.microsoft.com/downloads/...37-1ea6-4569-aabb-f248f4bd91d0&displaylang=en

http://support.microsoft.com/kb/832919#5

Athif
 