F
Fredrik Landin
I posted this post here last week I think, I got a reply from Jimmy Harper
[MSFT], I tested the stuff he wanted me to test and now my oroginal post
here is gone, this is why some of you might see two identical posts from me.
Is there a rule or something that deletes all posts after say 14 days or
soemthing?
Mr.Harper wanted me to set up DNS resolution between the two domains, I did
that and it worked fine.
C:\>nltest /dsgetdc:domain
DC: \\SERVER
Address: \\IP REPLACED
Dom Guid: GUID REPLACED
Dom Name: domain
Forest Name: domain.se
Dc Site Name: Mysite
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST
The command completed successfully
C:\>nltest /dsgetdc:domain.se
DC: \\SERVER.domain.se
Address: \\IP REPLACED
Dom Guid: GUID REPLACED
Dom Name: domain.se
Forest Name: domain.se
Dc Site Name: Mysite
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN
DNS_FOREST
The command completed successfully
To me nameresolution is fine, still the same old issue remains,
"Cannot Continue, The trust relationship cannot be created because the
following error occurred:
The operation failed. The error is: Access is denied."
I tested creating two new accounts in both domains and tried to use these to
set up the trust, still no luck.
I'm really lost here guy's... I need help.
Is there a "whitepaper" or a chelist or something, I've been looking all
over the place and found just about nothing... and it's har to see the
forest, all the trees are in my face ;-)
Original post by me:
-
2000 Domain is in native mode SP2, 2003 domain and forest functional level
2003, No SP
These are the LMHOST files on both DC, yes they differ when it comes to the
names of the servers and IP/Domain. This is just to show what it looks like.
-
192.168.0.10 SERVERNAME #PRE #DOM
OMAIN #net group's DC
192.168.0.10 "DOMAIN \0x1b" #PRE
-
Additionally there are entries in the HOSTS file:
192.168.0.10 servername.domain.se
-
I can ping on netbios name, fqdn or whatever I want, I can map drivers and
so on.
To me it looks like name resolution is a-ok!
The networks pass trough on router on the way, this is a new router without
any configuration/limitation as far as ACLs go, I even allow broadcast right
now.
Here's the problem.
Domains and trust, new trust [Welcome to the new trust wizard] - next, I
type the netbios name of the domain - next, I get the username and password
dialog, I try to type any of these and I still get the same result, usename
and password, domain\username and password, username@domain and password.
All of these give me the same result immediately, "Cannot Continue, The
trust relationship cannot be created because the following error occurred:
The operation failed. The error is: Access is denied."
If I try to create a trust and don't type the netbios name of the domain but
use domain.se I get another wizard asking me for the appropriate trust,
Realm or Windows trust.
I select Windows trust and get this: "Cannot Continue, The trust
relationship cannot be created because the specified domain cannot be
contacted.
Either the domain does not exist, or network or other problems are
preventing connection."
Both accounts I'm trying to use in both domains are enterprise admins, if it
would help I can create two brand new accounts in both domains to solve this
issue (if suspected something with this.)
The info above leads me to believe that name resolution is the issue in some
way. but I'm at a loss and need help.
Anyone out there who has done this before and maybe have a solution for
this?
Regards,
Fredrik
--
[MSFT], I tested the stuff he wanted me to test and now my oroginal post
here is gone, this is why some of you might see two identical posts from me.
Is there a rule or something that deletes all posts after say 14 days or
soemthing?
Mr.Harper wanted me to set up DNS resolution between the two domains, I did
that and it worked fine.
C:\>nltest /dsgetdc:domain
DC: \\SERVER
Address: \\IP REPLACED
Dom Guid: GUID REPLACED
Dom Name: domain
Forest Name: domain.se
Dc Site Name: Mysite
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST
The command completed successfully
C:\>nltest /dsgetdc:domain.se
DC: \\SERVER.domain.se
Address: \\IP REPLACED
Dom Guid: GUID REPLACED
Dom Name: domain.se
Forest Name: domain.se
Dc Site Name: Mysite
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN
DNS_FOREST
The command completed successfully
To me nameresolution is fine, still the same old issue remains,
"Cannot Continue, The trust relationship cannot be created because the
following error occurred:
The operation failed. The error is: Access is denied."
I tested creating two new accounts in both domains and tried to use these to
set up the trust, still no luck.
I'm really lost here guy's... I need help.
Is there a "whitepaper" or a chelist or something, I've been looking all
over the place and found just about nothing... and it's har to see the
forest, all the trees are in my face ;-)
Original post by me:
-
2000 Domain is in native mode SP2, 2003 domain and forest functional level
2003, No SP
These are the LMHOST files on both DC, yes they differ when it comes to the
names of the servers and IP/Domain. This is just to show what it looks like.
-
192.168.0.10 SERVERNAME #PRE #DOM
OMAIN #net group's DC192.168.0.10 "DOMAIN \0x1b" #PRE
-
Additionally there are entries in the HOSTS file:
192.168.0.10 servername.domain.se
-
I can ping on netbios name, fqdn or whatever I want, I can map drivers and
so on.
To me it looks like name resolution is a-ok!
The networks pass trough on router on the way, this is a new router without
any configuration/limitation as far as ACLs go, I even allow broadcast right
now.
Here's the problem.
Domains and trust, new trust [Welcome to the new trust wizard] - next, I
type the netbios name of the domain - next, I get the username and password
dialog, I try to type any of these and I still get the same result, usename
and password, domain\username and password, username@domain and password.
All of these give me the same result immediately, "Cannot Continue, The
trust relationship cannot be created because the following error occurred:
The operation failed. The error is: Access is denied."
If I try to create a trust and don't type the netbios name of the domain but
use domain.se I get another wizard asking me for the appropriate trust,
Realm or Windows trust.
I select Windows trust and get this: "Cannot Continue, The trust
relationship cannot be created because the specified domain cannot be
contacted.
Either the domain does not exist, or network or other problems are
preventing connection."
Both accounts I'm trying to use in both domains are enterprise admins, if it
would help I can create two brand new accounts in both domains to solve this
issue (if suspected something with this.)
The info above leads me to believe that name resolution is the issue in some
way. but I'm at a loss and need help.
Anyone out there who has done this before and maybe have a solution for
this?
Regards,
Fredrik
--