General discussion

Locked

NT4/W2K Trusts across Routers/WANs

By mcarpick ·
I have a primary Windows NT4.0 Domain that used to have a working 2-way trust to our W2K Domain in another country.

It broke after a server upgrade/replacement. Trying to reset it in the same manner as originally set up is not working - get "Can not find PDC", although that PCD can be pinged and even browsed by IP.

Already examined resources include KBs:

175025 - 181171 - 306733

A bit stuck here, any other ideas?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by curlergirl In reply to NT4/W2K Trusts across Rou ...

It sounds like your problem might be DNS. In order to create a trust relationship, you have to have a working DNS server at both ends to resolve the domain and host names. You mentioned that you can ping and browse by IP address, but if you can't ping and browse by host name, then you have a name resolution problem.

If this isn't the case, please respond with more info. Hope this helps!

Collapse -

by mcarpick In reply to

Thanks for response. This may be the crux of the matter, but -

DNS is running on both ends, however the DNS on the Primary (NT4.0) is a 'real', public DNS, while the one on the W2K domain is local/private (192.168.xxx.yyy). In theory, that shouldn't matter, as both ends can resolve each other, but I keep getting 'PDC could not be contacted'. NetBIOS/WINS is messing this up somewhere, but so far unable to fix it, even with the specified LMHOSTS configuration.

Collapse -

by sgt_shultz In reply to NT4/W2K Trusts across Rou ...

we need the exact error message please from the event log.
i would believe my error message. i would look for horses not zebras. maybe not a broken trust.
i think you are on right track with the name resolution problem. pinging no much proof of anything in compliated conversation/process of remote segment domain authentication imho.
did you see this one? 272124
<snip>
SYMPTOMS
When you attempt to add a workstation to a domain, you may not be able to do so, and you may receive the following error message:


A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes to your profile since you last logged on may not be available.

If caching is disabled, you may also receive this error message:


The system cannot log you on now because the domain (DOMAIN_NAME) is not available.
CAUSE
This behavior can occur when the primary domain controller (PDC) has not correctly registered the 1B (domain master browser) and 1C (domain controller) NetBIOS names in the Windows Internet Name Service (WINS), or when the 1B and 1C entries are not specified correctly in the LMHOSTS file.
RESOLUTION
To resolve this issue, register the 1B and 1C NetBIOS names in WINS again by stopping and then restarting the Netlogon service on the PDC.

If your network does not use a WINS server and the domain controller is located on a remote network segment, on the workstation, use an LMHOSTS file with the correct 1B and 1C entries for the domain.
</snip>
this article also has reference to how to make good lmhosts file (180094) and how to re-register wins names (137423). you sure you are good there. can you test lmhost file entry prowess any other way?
could firewall be blocking?

Collapse -

by Joseph Moore In reply to NT4/W2K Trusts across Rou ...

Are you sure you have the LMHOSTS file on the NT4 box set correctly? I've had this problem myself, and the LMHOSTS file fixed it for me. I've also recommended it to others, and it has worked for them too. So I know this one works well.
Try this Technet article; it's not one in your list:
http://support.microsoft.com/?kbid=180094

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums