Posted by Roger Abell [MVP] on February 4, 2006, 12:24 pm
Also, poster did not mention GC ldap ports, nor secure DC ldap port (if in
use).
More info is needed IMO on this trust - "trusted to us" is not clear to me,
but I am guessing this is meaning not a forest trust but a one-way (which
way?) that needs NTLM support, but if not then Kerberos comes into it (poster
did say W2k3 native, but not whether only domain or also forest native).
> First you need to make sure that you have proper name resolution between
> the domains. In Windows 2003 that can be done with conditional forwarding,
> dns stub zones, or creating secondary zones for the other domain in each
> domain's dns servers [most likely domain controllers]. From each domain
> you should be able to use nslookup and enter the name of the other domain
> and get results that show the domain controllers of the other domain. If
> dns seems OK you may have a problem with other needed network traffic
> being blocked. See the link below which shows what ports/protocols are
> needed for Active Directory trusts/replication. --- Steve
>
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
>
>> We are receiving the following error while trusting a server in a
>> different forest and domain. The error is the Local Security Policy is
>> unable to obtain an RPC connection to the server. Both servers are Windows
>> 2003 native mode. We have 2 other locations that are trusted and working
>> correctly. We have checked ports 135, 139, and 389 which are open between
>> the VPN sites. The trust did create a one way trust. Their server is
>> trusted to us. So they can see us but we can't see them. We can ping the
>> server by name. We thought perhaps the RPC cannot use the higher ports.
>> Has anyone else had this issue?
>>
>> B Whitaker
>>
>>
>
>
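
The two checks suggested in the thread, DNS resolution of the other domain's domain controllers and reachability of the fixed ports, as an added PowerShell example that is not from the original posts. `partner.example` is a placeholder domain name, and the ports beyond 135, 139 and 389 (Kerberos, SMB, LDAP over SSL, global catalog LDAP) are an assumed list of the well-known ports, not one given in the thread.

```powershell
# Added example. 'partner.example' is a placeholder for the other domain's DNS name.
param([string]$Domain = 'partner.example', [int]$TimeoutMs = 3000)

# 135, 139 and 389 are the ports checked in the thread; the others are the
# well-known Kerberos, SMB, LDAP over SSL and global catalog LDAP ports.
$ports = @(
    @{ Port = 88;   Name = 'Kerberos' },
    @{ Port = 135;  Name = 'RPC endpoint mapper' },
    @{ Port = 139;  Name = 'NetBIOS session' },
    @{ Port = 389;  Name = 'LDAP' },
    @{ Port = 445;  Name = 'SMB' },
    @{ Port = 636;  Name = 'LDAP over SSL' },
    @{ Port = 3268; Name = 'GC LDAP' },
    @{ Port = 3269; Name = 'GC LDAP over SSL' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Wait() returns $false on timeout and throws if the connect failed.
        return ($client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: the DC locator SRV record must resolve from this side of the trust.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

# Step 2: test each fixed port on each DC. A reachable port 135 only proves the
# endpoint mapper answers; the RPC services behind it listen on dynamically
# assigned high ports, which the firewall or VPN must pass as well.
foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        [pscustomobject]@{
            DC      = $dc
            Port    = $p.Port
            Service = $p.Name
            Open    = Test-TcpPort -ComputerName $dc -Port $p.Port -TimeoutMs $TimeoutMs
        }
    }
}
```

Run it from a domain controller on each side of the trust, since a one-way result can come from traffic being blocked in only one direction.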