2003 Connection attempt to NT4 domain

P

Paul Bergson

I'm stumped. I have an NT4 domain without any type of trust. I'm
attempting to run User Manager or Server Manager to attach to this domain.
So far I have had no success.

I have attached to the remote domain via share connection and authenticated.
I then attempt to run User Manager that I have loaded from the 2003 Resource
Kit on my 2003 server (Attempted on 2000 server as well). Both servers are
fully patched.

194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
194.126.18.99 "NT_DOMAIN \0x1b" #PRE
# IP Address "123456789012345*7890"

nbtstat -R
nbtstat -c

results
PDC_NT <03> UNIQUE 194.126.18.99 -1
PDC_NT <00> UNIQUE 194.126.18.99 -1
PDC_NT <20> UNIQUE 194.126.18.99 -1
NT_DOMAIN <1C> GROUP 194.126.18.99 -1
NT_DOMAIN <1B> UNIQUE 194.126.18.99 -1

When I attempt to connect, I get the error "Cannot find the Primary DC for
NT_DOMAIN. You may administer this domain, but certain domain-wide
operations will be disabled."


Is there some issue with NTLM on my servers that are disabled due to
patching/policies? How can I track this down. I'm just plain stumped?

--


Paul

cross posted
microsoft.public.windows.server.active_directory

microsoft.public.win2000.active_directory
 
A

Ace Fekay [MVP]

In
Paul Bergson said:
I'm stumped. I have an NT4 domain without any type of trust. I'm
attempting to run User Manager or Server Manager to attach to this
domain. So far I have had no success.

I have attached to the remote domain via share connection and
authenticated. I then attempt to run User Manager that I have loaded
from the 2003 Resource Kit on my 2003 server (Attempted on 2000
server as well). Both servers are fully patched.

194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
194.126.18.99 "NT_DOMAIN \0x1b" #PRE
# IP Address "123456789012345*7890"

nbtstat -R
nbtstat -c

results
PDC_NT <03> UNIQUE 194.126.18.99 -1
PDC_NT <00> UNIQUE 194.126.18.99 -1
PDC_NT <20> UNIQUE 194.126.18.99 -1
NT_DOMAIN <1C> GROUP 194.126.18.99 -1
NT_DOMAIN <1B> UNIQUE 194.126.18.99 -1

When I attempt to connect, I get the error "Cannot find the Primary
DC for NT_DOMAIN. You may administer this domain, but certain
domain-wide operations will be disabled."


Is there some issue with NTLM on my servers that are disabled due to
patching/policies? How can I track this down. I'm just plain
stumped?
Click to expand...

Set the workaround shown in this link to disable SMB Signing ('always' to
'disabled'), then run:
gpupdate /force.

811497 - Error Message When Windows 95 or Windows NT 4.0 Client Logs On to
Windows Server 2003 Domain:
http://support.microsoft.com/?id=811497

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
 
P

Paul Bergson

I appreciate the effort but it is my 2003 server that can't connect to an NT
4.0 PDC.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ace Fekay [MVP]"
 
A

Ace Fekay [MVP]

In
Paul Bergson said:
I appreciate the effort but it is my 2003 server that can't connect
to an NT 4.0 PDC.
Click to expand...

Sorry to hear. I may suggest to create a trust and try it just to see if
that works.

Ace
 
P

Paul Bergson

Actually that is my goal. I was hoping to get this working first.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ace Fekay [MVP]"
 
A

Ace Fekay [MVP]

In
Paul Bergson said:
Actually that is my goal. I was hoping to get this working first.
Click to expand...

I'm not sure, and haven't tested it out, but I believe this may be a chicken
before the egg issue, if you know what I mean.

Ace
 
P

Paul Bergson

It is so weird having to go back so far to get this company into our wan.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ace Fekay [MVP]"
 
P

Paul Bergson

My network guy fessed up to blocking ports 137 and 138. I got them open and
whah lah...

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
A

Ace Fekay [MVP]

In
Paul Bergson said:
My network guy fessed up to blocking ports 137 and 138. I got them
open and whah lah...
Click to expand...

Don't you hate when that happens?

:)

Cheers!
Ace
 
P

Paul Williams [MVP]

It's always the same. The comms team ping something, get a reply and then
slope their shoulders!

Why do we need them?
 
P

Paul Bergson

To make us miserable. We just had an org change, the boys from networking
are getting rolled up into our group. Sad thing is who do we get to point
the finger at now? : )

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
A

Ace Fekay [MVP]

In
Paul Bergson said:
To make us miserable. We just had an org change, the boys from
networking are getting rolled up into our group. Sad thing is who do
we get to point the finger at now? : )
Click to expand...

At each other!
:)

At least they'll maybe now see what you guys actually do when things go
wrong.

Ace
 
J

Jorge_de_Almeida_Pinto

I'm stumped. I have an NT4 domain without any type of trust.
I'm
attempting to run User Manager or Server Manager to attach to
this domain.
So far I have had no success.

I have attached to the remote domain via share connection and
authenticated.
I then attempt to run User Manager that I have loaded from the
2003 Resource
Kit on my 2003 server (Attempted on 2000 server as well).
Both servers are
fully patched.

194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
194.126.18.99 "NT_DOMAIN > # IP Address "123456789012345*7890"

nbtstat -R
nbtstat -c

results
PDC_NT <03> UNIQUE 194.126.18.99
-1
PDC_NT <00> UNIQUE 194.126.18.99
-1
PDC_NT <20> UNIQUE 194.126.18.99
-1
NT_DOMAIN <1C> GROUP 194.126.18.99
-1
NT_DOMAIN <1B> UNIQUE 194.126.18.99
-1

When I attempt to connect, I get the error "Cannot find the
Primary DC for
NT_DOMAIN. You may administer this domain, but certain
domain-wide
operations will be disabled."


Is there some issue with NTLM on my servers that are disabled
due to
patching/policies? How can I track this down. I'm just plain
stumped?

--


Paul

cross posted
microsoft.public.windows.server.active_directory

microsoft.public.win2000.active_directory
Click to expand...

don’t you have WINS ip addresses configured on the server so a WINS
servers can provide services for NetBIOS nameresolution and
registration?

or are you just using lmhosts on that server?

look at:
http://support.microsoft.com/kb/q150800/

to see how to configure lmhosts
 
P

Paul Bergson

It was a firewall issue

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


Jorge_de_Almeida_Pinto said:
donâ?Tt you have WINS ip addresses configured on the server so a WINS
servers can provide services for NetBIOS nameresolution and
registration?

or are you just using lmhosts on that server?

look at:
http://support.microsoft.com/kb/q150800/

to see how to configure lmhosts

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/2003-Connection-attempt-NT4-domain-ftopict441069.html
Visit Topic URL to contact author (reg. req'd). Report abuse:
Click to expand...
http://www.windowsforumz.com/eform.php?p=1488598
 
A

Ace Fekay [MVP]

In
Paul Bergson said:
It was a firewall issue
Click to expand...

Taking into consideration the date and time stamp when
Jorge_de_Almeida_Pinto posted, I do not believe he took the time to read
thru the thread to have known that prior to posting.

Ace
 
P

Paul Bergson

Yeah

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"Ace Fekay [MVP]"
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD Trust to NT4 Domain 3
W2K Domain Trust not working with NT Domain 3
Ugrading NT4 Domain to 2003 Advice 2
Trouble with W2K and NT4 Trust 4
netlogon error 5792 after domain upgrade to win 2003 6
NT40 & W2K AD Trust. 4
Rights - 2003 Server in Windows NT4 Domain 4
NT4 to 2003 w/AD & new servers 5

Top