General discussion

Locked

Can't create tree

By Kuryous1 ·
Hello,
I'm wanting to create a new tree in an existing forest with Windows 2000 Advance Server. The main forest was created on Windows Server 2003 SBS. I get a "ldap error" whether I use a wizard or DCPROMO. We don't have internet access yet and I'm assuming there is a service pack to accommedate the new 2003 server in IPsec and replication. Any help or thoughts would be greatly appreciated. Thanks in advance.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Can't create tree

hummm I believe your problem is the SBS 2003 O/S. you can have member servers with SBS 2003, have a GC or another DC with AD and replicate between em, but SBS won't establish trusts with other domains whether they are within the same forest or not. Built in limitation. Keeps medium size companies with divisions and/or remote sites from using low cost SBS software.

Collapse -

by Kuryous1 In reply to

Thanks,
I tried to create a DC within the same domain and get a replication error. So, whether it be a new domain or child domain, I get the same error. Will not replicate to new DC.
Any other thoughts? Thanks in advance.

Collapse -

by Kuryous1 In reply to Can't create tree

According to Microsoft Knowledge base, it commented that 2000 AD will work with 2003 SBS. However, the SBS version intalled was from Dell. Perhaps I'm missing something. I should be able to create more than 1 DC?

Collapse -

by CG IT In reply to Can't create tree

ok Lightweight Directory Access Protocol error can have a slew of reasons. Eliminating the limitations of Small Business Server as the source of the problem, next would be communications between the SBS DC and the new member server. Joining a new member server to the domain, running the AD wizard and you get the LDAP error, I would suspect the problem is communications. SBS 2003 comes in a couple of flavors. Standard , Platinum, e.g. without ISA server and with ISA server. If you SBS2003 setup is with one nic AND you have ISA server, I would look to see if ISA server is interfering with communications. If you have ISA server, one nic and didn't create Packet filters allowing LDAP they will get blocked. IPspec authentication is another area I would look at.

I would suggest setting authentication on the LAN without IPsec, just use basic authentication and see if the problem clears up.

Collapse -

by Kuryous1 In reply to

Thanks for the help,
I'm going with your first suggestion for now. I also double checked the function mode. It's mixed. According to knowledge base (old# Q328909)using DCPROMO to source the AD in SBS, I need service packs. Even replicating a DC. This I will try next.

Collapse -

by Kuryous1 In reply to Can't create tree

This question was closed by the author

Back to Networks Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums