General discussion

  • Creator
  • #2175496

    trust relations


    by raj.addanki ·

    When I try to establish a trust relation between a 2003 and a 2000 domain I get the following error.
    “local security advisor not able to establish RPC agreement”
    and also states that the domain name couldn’t be resolved.
    I have checked the DNS entries.
    Things come up fine when I type nslookup.
    Secondly, I can ping both the servers from either side.
    There is absolutely no problem with the connectivity.
    I can ping using FQDN.

    Can anyone help me with this?
    Thanks and Regards

All Comments

  • Author
    • #3350705

      Reply To: trust relations

      by bfilmfan ·

      In reply to trust relations

      I am assuming that there isn’t an issue where someone has set an IPSEC policy on the network cards to reject traffic from the domain controllers’ IP addresses. You can check this on each server in the advanced configuration settings of the network cards.

      Are these 2 domains in 2 separate AD forests? All domains within a single AD forest have established trusts.

      You will have to create external one-way trusts on each domain to the other domain. Did you use NETDOM to set up the trust?

      If not, then log into each domain with an administrative level-privilege account and run the command:


    • #3350635

      Reply To: trust relations

      by sojournist ·

      In reply to trust relations

      The nslookup and ping verify that the Host (A) records are correct in DNS. Verify that the SRV records for the domain controller are also present. In the forward lookup zones for both domains, look for four subdomains that begin with _.

      If they are not present, do the following:

      (1) In the DNS console, right-click on the forward lookup zone and select Properties.

      (2) Ensure that the dropdown box for “Allow Dynamic Updates” is set to “Yes”. Click Okay.

      (3) On the DOMAIN CONTROLLER, open the services console. [START-Programs-Administrative Tools-Services]

      (4) Restart the Netlogon service.

      (5) Verify that the SRV records populated to the forward lookup zone. If they are still absent, restart the server.

      These actions should be taken on the forward lookup zones for both domains.

      For good measure, run the command IPCONFIG /FLUSHDNS on the computer you are using to configure the new trust relationship.

      Then attempt to create the trust again.
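
Added example, not part of sojournist's post: a PowerShell check for the SRV records the answer above says to verify, run against the DNS server of each side so that a record one side cannot resolve stands out. It assumes a management workstation that has the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later); the domain names, DNS server addresses and the selection in `$prefixes` are placeholders chosen for illustration.

```powershell
# Added example. Domain names and DNS server IPs are placeholders (assumptions),
# not values from the thread. Replace them with the two domains and the DNS
# server each domain controller actually uses.
$domains    = 'corp2003.example', 'site2000.example'
$dnsServers = '192.0.2.10', '192.0.2.20'

# SRV names Netlogon registers for a domain (subset used to locate a DC).
$prefixes = '_ldap._tcp', '_ldap._tcp.dc._msdcs', '_ldap._tcp.pdc._msdcs',
            '_kerberos._tcp', '_kerberos._udp', '_kerberos._tcp.dc._msdcs'

$results = foreach ($server in $dnsServers) {
    foreach ($domain in $domains) {
        foreach ($prefix in $prefixes) {
            $name   = "$prefix.$domain."      # trailing dot: no DNS suffix search
            $status = 'OK'
            $detail = ''
            $query  = @{ Name = $name; Type = 'SRV'; Server = $server
                         DnsOnly = $true; ErrorAction = 'Stop' }
            try {
                # Keep only SRV answers; additional A records are dropped.
                $srv = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })
                if ($srv.Count -eq 0) {
                    $status = 'MISSING'
                } else {
                    $detail = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
                }
            } catch {
                # NXDOMAIN, timeout or a refused query all end up here.
                $status = 'FAILED'
                $detail = $_.Exception.Message
            }
            [pscustomobject]@{
                DnsServer = $server
                Record    = $name.TrimEnd('.')
                Status    = $status
                Detail    = $detail
            }
        }
    }
}

$results | Format-Table -AutoSize
$bad = @($results | Where-Object { $_.Status -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) SRV lookups did not return a record; check dynamic updates and Netlogon registration for those zones."
}
```

A row that is `OK` on one DNS server and `FAILED` on the other shows that the record exists but that one side has no way to resolve the other domain's zone.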


    • #3330858

      Reply To: trust relations

      by raj.addanki ·

      In reply to trust relations

      The scenario goes this way.
      15 locations.
      All locations have Windows 2000 and Exchange 5.5.
      Every location is an individual forest and domain on its own.
      I have designated one location as a central location.
      I installed Windows 2003, made it a DC, and created OUs for each location.
      Created two-way trusts from the 2003 DC to every individual 2000 DC.
      I could create trusts for 14 locations, except one.
      That’s where the problem arises.
      Until I resolve the trust issue, I can’t go ahead with ADC.
      After that I can proceed with forest prep and domain prep, and move ahead with Exchange 2003.
      Not all locations have FQDN (I mean .com extension).
      Many are single-label DNS names.
      The Windows 2000 DC has a single-label name space.
      2003 server is in native mode.
      2000 server is in mixed mode.

      We have checked the following.

      1) Can ping 2000 machine from 2003 by IP address.
      2) Can ping 2003 machine from 2000 by IP address.
      3) Can ping 2000 machine from 2003 by hostname.
      4) Can ping 2003 machine from 2000 by hostname.
      5) Can ping FQDN of 2003 DC from 2000.
      6) Can ping FQDN of 2000 DC from 2003. (Random, not always, we get the response very rarely.)
      7) Checked the DNS entries on both machines.
      8) Problems in opening Default Domain Policy.

      Currently we are looking at a workaround.
      After we proceed with it, we would get back to see what went wrong with the server.
      Any ideas or suggestions would be of great help.
      Thanks again.
      Thanks a lot.

    • #2985149

      trust relations

      by baggushyamsundar ·

      In reply to trust relations

      RPC is a protocol which is used to establish communication between two computers. So in the 2003 domain just install the RPC protocol and check it.
