Trust problem

Scott Micale

I am trying to map a drive from a DC in xx.zz.com to a share in yy.zz.com.
I keep getting this error.
"The mapped network drive could not be created because the following error
occurred: The trust relationship between the primary domain and the trusted
domain failed." I have looked at my Users and Computers Domains and trusts
and it seems the trusts are created, but I can't validate them. yy.zz.com
is a Win2k3 server. xx.zz.com is a Win2k server.
 
Scott Micale

I can map a drive to my root dc in the zz.com domain. Not sure if that
helps at all.
 
Scott Micale

I have been able to remove the trust that is there in the xx.zz.com domain
on the win2k server. However I can't delete the trust in the yy.zz.com dc.
Keeps giving me a "Parameter is incorrect error". Is there another way to
delete this trust so that I can recreate it?
 
Steven L Umbach

Make sure that you have NetBIOS name resolution between the domains for inter-forest
trusts involving W2K. A good way is to have the WINS servers in each forest
replicating to the WINS servers in the other forest, and domain controllers need to be
WINS clients also. Make sure that in the Domain Controller Security Policy the
security option for additional restrictions for anonymous connections is not set to
"no access without explicit anonymous permissions", which can cause problems setting up
trusts. You might also want to post in the win2000.active_directory newsgroup.
--- Steve
 
Scott Micale

I am not running WINS anywhere. I can ping both ways by IP, NetBIOS names,
and FQDN. Both domains are in the same forest.
 
Scott Micale

I am not familiar with the Domain Controller Security Policy. Can you
explain this more and tell me where to look to see if this needs changed?
 
Scott Micale

I think I found that setting you are talking about. Under Security
setting --> Local Policies ---> Security Options. I have Additional
restrictions for anonymous connections set to "Not defined"
 
Steven L Umbach

If these are both W2K domains in the same forest then trusts are set up automatically
and use DNS and Kerberos. From your description it sounds as if you have separate
domain trees. I would first run netdiag and then dcdiag on each domain controller,
looking for any failed tests/errors/warnings that may give a clue. These tools are
located on the install disk in the support tools folder, where you have to run the
setup program. You may have general DNS name resolution but possibly a problem
with the domain controllers and their _srv records existing or replication between
domains. I have not used a forest with separate trees. The guys/gals in the
win2000.active_directory newsgroup could probably give you more ideas as to specific
DNS issues and such. --- Steve
 
Scott Micale

These are all in one forest. I have a Win2k3 root server with 2 child
domains. One of the child domains is a win2k3 server and the other is a
win2k server. The two child domains are the ones having the problems
creating the trusts between them. Should I still run those utilities you
spoke of?
 
Steven L Umbach

Hi Scott.

Yes I would. There is no harm in doing so. So it is one tree with two child
domains that cannot access each other. Hmm. I still think it may be DNS related.
Also, IPsec policies implemented in a domain can cause disruption to domain trusts. I am
not totally up to speed with W2003 yet [sorry]. You might want to review the
procedures for child domains and DNS as explained in the KB below. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255248
 
Scott Micale

I am not having connectivity problems among domains, I can ping both ways,
but I do think as well it is a DNS issue. I ran dcdiag on all three DC's
and this is what I got. Not sure what to make of these errors, but I have
noticed in my win2k DC that the entry in the _msdcs.hrm.lan zone I am
missing some aliases to the other DNS servers.
Ok, I am not sure what is going on here. I didn't run that one utility yet,
but did try this on the win2k dc harttool in ht.hrm.lan and got this info:



C:\Documents and Settings\Administrator.HARTTOOL.001>dcdiag



DC Diagnosis



Performing initial setup:

Done gathering initial info.



Doing initial non skippeable tests



Testing server: Default-First-Site-Name\HARTTOOL

Starting test: Connectivity

......................... HARTTOOL passed test Connectivity



Doing primary tests



Testing server: Default-First-Site-Name\HARTTOOL

Starting test: Replications

[Replications Check,HARTTOOL] A recent replication attempt failed:

From NT_SERVER to HARTTOOL

Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 15:59.55.

The last success occurred at 2004-07-20 14:59.08.

678 failures have occurred since the last success.

The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[NT_SERVER] DsBind() failed with error 1722,

The RPC server is unavailable..

[Replications Check,HARTTOOL] A recent replication attempt failed:

From BRAIN to HARTTOOL

Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 15:59.55.

The last success occurred at 2004-07-20 12:59.08.

680 failures have occurred since the last success.

The guid-based DNS name
0b692c1e-6566-436a-be49-0d02669e5135._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[BRAIN] DsBind() failed with error 1722,

The RPC server is unavailable..

[Replications Check,HARTTOOL] A recent replication attempt failed:

From NT_SERVER to HARTTOOL

Naming Context: CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:01.00.

The last success occurred at 2004-07-20 14:59.08.

3432 failures have occurred since the last success.

The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[Replications Check,HARTTOOL] A recent replication attempt failed:

From BRAIN to HARTTOOL

Naming Context: CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:14.46.

The last success occurred at 2004-07-20 13:35.51.

6922 failures have occurred since the last success.

The guid-based DNS name
0b692c1e-6566-436a-be49-0d02669e5135._msdcs.

hrm.lan

is not registered on one or more DNS servers.

......................... HARTTOOL passed test Replications

Starting test: NCSecDesc

......................... HARTTOOL passed test NCSecDesc

Starting test: NetLogons

......................... HARTTOOL passed test NetLogons

Starting test: Advertising

......................... HARTTOOL passed test Advertising

Starting test: KnowsOfRoleHolders

Warning: NT_SERVER is the Schema Owner, but is not responding to DS
RPC

Bind.

[NT_SERVER] LDAP connection failed with error 58,

The specified server cannot perform the requested operation..

Warning: NT_SERVER is the Schema Owner, but is not responding to
LDAP B

ind.

Warning: NT_SERVER is the Domain Owner, but is not responding to DS
RPC

Bind.

Warning: NT_SERVER is the Domain Owner, but is not responding to
LDAP B

ind.

......................... HARTTOOL failed test KnowsOfRoleHolders

Starting test: RidManager

......................... HARTTOOL passed test RidManager

Starting test: MachineAccount

......................... HARTTOOL passed test MachineAccount

Starting test: Services

......................... HARTTOOL passed test Services

Starting test: ObjectsReplicated

......................... HARTTOOL passed test ObjectsReplicated

Starting test: frssysvol

......................... HARTTOOL passed test frssysvol

Starting test: kccevent

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC0000466

Time Generated: 08/17/2004 16:14:29

(Event String could not be retrieved)

......................... HARTTOOL failed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0x0000165B

Time Generated: 08/17/2004 15:55:05

Event String: The session setup from the computer SKYNET failed

An Error Event occured. EventID: 0x0000169E

Time Generated: 08/17/2004 16:00:19

(Event String could not be retrieved)

......................... HARTTOOL failed test systemlog



Running enterprise tests on : hrm.lan

Starting test: Intersite

......................... hrm.lan passed test Intersite

Starting test: FsmoCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

A Global Catalog Server could not be located - All GC's are down.

......................... hrm.lan failed test FsmoCheck



This is on skynet the win2k3 DC in hh.hrm.lan



C:\WINDOWS\Profiles\Administrator>dcdiag



Domain Controller Diagnosis



Performing initial setup:

Done gathering initial info.



Doing initial required tests



Testing server: Default-First-Site-Name\SKYNET

Starting test: Connectivity

......................... SKYNET passed test Connectivity



Doing primary tests



Testing server: Default-First-Site-Name\SKYNET

Starting test: Replications

REPLICATION LATENCY WARNING

ERROR: Expected notification link is missing.

Source NT_SERVER

Replication of new changes along this path will be delayed.

This problem should self-correct on the next periodic sync.

......................... SKYNET passed test Replications

Starting test: NCSecDesc

......................... SKYNET passed test NCSecDesc

Starting test: NetLogons

......................... SKYNET passed test NetLogons

Starting test: Advertising

......................... SKYNET passed test Advertising

Starting test: KnowsOfRoleHolders

......................... SKYNET passed test KnowsOfRoleHolders

Starting test: RidManager

......................... SKYNET passed test RidManager

Starting test: MachineAccount

......................... SKYNET passed test MachineAccount

Starting test: Services

......................... SKYNET passed test Services

Starting test: ObjectsReplicated

......................... SKYNET passed test ObjectsReplicated

Starting test: frssysvol

......................... SKYNET passed test frssysvol

Starting test: frsevent

......................... SKYNET passed test frsevent

Starting test: kccevent

......................... SKYNET passed test kccevent

Starting test: systemlog

......................... SKYNET passed test systemlog

Starting test: VerifyReferences

......................... SKYNET passed test VerifyReferences



Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test
CrossRefValidation



Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom



Running partition tests on : hh

Starting test: CrossRefValidation

......................... hh passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... hh passed test CheckSDRefDom



Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test
CrossRefValidation



Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom



Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom



Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test
CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom



Running enterprise tests on : hrm.lan

Starting test: Intersite

......................... hrm.lan passed test Intersite

Starting test: FsmoCheck

......................... hrm.lan passed test FsmoCheck



And on the root win2k3 server Nt_server in hrm.lan



C:\WINDOWS\Profiles\Administrator>dcdiag



Domain Controller Diagnosis



Performing initial setup:

Done gathering initial info.



Doing initial required tests



Testing server: Default-First-Site-Name\NT_SERVER

Starting test: Connectivity

......................... NT_SERVER passed test Connectivity



Doing primary tests



Testing server: Default-First-Site-Name\NT_SERVER

Starting test: Replications

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: DC=ForestDnsZones,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:29:52.

The last success occurred at 2004-08-08 04:52:19.

960 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[SKYNET] DsBindWithSpnEx() failed with error 1722,

The RPC server is unavailable..

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 15:55:20.

The last success occurred at 2004-08-08 04:52:19.

229 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:11:06.

The last success occurred at 2004-08-08 04:52:19.

645 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: DC=hh,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:34:10.

The last success occurred at 2004-08-08 05:01:03.

20174 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

REPLICATION-RECEIVED LATENCY WARNING

NT_SERVER: Current time is 2004-08-17 16:34:27.

DC=ForestDnsZones,DC=hrm,DC=lan

Last replication recieved from SKYNET at 2004-08-08 04:52:19.

DC=hh,DC=hrm,DC=lan

Last replication recieved from SKYNET at 2004-08-08 05:01:03.

......................... NT_SERVER passed test Replications

Starting test: NCSecDesc

......................... NT_SERVER passed test NCSecDesc

Starting test: NetLogons

......................... NT_SERVER passed test NetLogons

Starting test: Advertising

......................... NT_SERVER passed test Advertising

Starting test: KnowsOfRoleHolders

......................... NT_SERVER passed test KnowsOfRoleHolders

Starting test: RidManager

......................... NT_SERVER passed test RidManager

Starting test: MachineAccount

......................... NT_SERVER passed test MachineAccount

Starting test: Services

......................... NT_SERVER passed test Services

Starting test: ObjectsReplicated

......................... NT_SERVER passed test ObjectsReplicated

Starting test: frssysvol

......................... NT_SERVER passed test frssysvol

Starting test: frsevent

......................... NT_SERVER passed test frsevent

Starting test: kccevent

......................... NT_SERVER passed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0xC0002715

Time Generated: 08/17/2004 16:30:01

Event String: DCOM got error "%1058" attempting to start the

......................... NT_SERVER failed test systemlog

Starting test: VerifyReferences

......................... NT_SERVER passed test VerifyReferences



Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test
CrossRefValidation



Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom



Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test
CrossRefValidation



Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom



Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom



Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test
CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom



Running partition tests on : hrm

Starting test: CrossRefValidation

......................... hrm passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... hrm passed test CheckSDRefDom



Running enterprise tests on : hrm.lan

Starting test: Intersite

......................... hrm.lan passed test Intersite

Starting test: FsmoCheck

......................... hrm.lan passed test FsmoCheck



Seems the first and last servers have the most errors. Not sure where to go
from here.



 
Steven L Umbach

Hi Scott.

Yes it seems you have at least a dns issue which needs to be corrected first. I see
you posted in the win2000.dns newsgroup. You should get excellent response over
there. I will watch over there and chime in if I think I have anything to add. ---
Steve
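
The three dcdiag runs posted above are long and wrapped by the console, so the following is an added example (not part of the thread and not a Microsoft tool) that parses dcdiag text output into the failed tests and the GUID-based `_msdcs` names reported as unregistered. The function names and the abridged `SAMPLE` are assumptions made for this illustration; the server names, GUIDs and counts in it are taken from the HARTTOOL output above.

```python
import re

# Abridged from the HARTTOOL dcdiag output in the thread; the console wraps
# ("failu"/"re.", "_msdcs."/"hrm.lan") are kept because the parser must cope.
SAMPLE = """\
[Replications Check,HARTTOOL] A recent replication attempt failed:
From NT_SERVER to HARTTOOL
Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup
failu
re.
The last success occurred at 2004-07-20 14:59.08.
678 failures have occurred since the last success.
The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.
hrm.lan
is not registered on one or more DNS servers.
[Replications Check,HARTTOOL] A recent replication attempt failed:
From BRAIN to HARTTOOL
Naming Context: CN=Configuration,DC=hrm,DC=lan
6922 failures have occurred since the last success.
The guid-based DNS name
0b692c1e-6566-436a-be49-0d02669e5135._msdcs.
hrm.lan
is not registered on one or more DNS servers.
......................... HARTTOOL passed test Replications
......................... HARTTOOL failed test KnowsOfRoleHolders
......................... hrm.lan failed test FsmoCheck
"""

RE_VERDICT = re.compile(r"^\.{5,}\s*(\S+) (passed|failed) test\s*(\S*)$")
RE_FROM = re.compile(r"^From (\S+) to (\S+)$")
FIELDS = [  # (key, pattern, converter) for single-line replication fields
    ("nc", re.compile(r"^Naming Context: (.+)$"), str),
    ("error", re.compile(r"^The replication generated an error \((\d+)\):"), int),
    ("last_success", re.compile(r"^The last success occurred at (.+?)\.$"), str),
    ("failures", re.compile(r"^(\d+) failures have occurred since"), int),
]
GUID_PREFIX = "The guid-based DNS name"


def parse_dcdiag(text):
    """Return failed tests and replication failures found in dcdiag output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    failed_tests, repl, cur, i = [], [], None, 0
    while i < len(lines):
        ln = lines[i]
        i += 1
        if ln.endswith("A recent replication attempt failed:"):
            cur = dict.fromkeys(("source", "dest", "nc", "error",
                                 "last_success", "failures", "dns_name"))
            repl.append(cur)
            continue
        m = RE_VERDICT.match(ln)
        if m:
            target, verdict, test = m.groups()
            if not test and i < len(lines):  # test name wrapped to next line
                test, i = lines[i], i + 1
            if verdict == "failed":
                failed_tests.append((target, test))
            cur = None  # a verdict line closes any open replication record
            continue
        if cur is None:
            continue
        m = RE_FROM.match(ln)
        if m:
            cur["source"], cur["dest"] = m.groups()
        elif ln.startswith(GUID_PREFIX):
            # The name is split over the following lines; rejoin the pieces.
            parts = [ln[len(GUID_PREFIX):].strip()]
            while (i < len(lines) and len(parts) < 4
                   and not lines[i].startswith("is not registered")):
                parts.append(lines[i])
                i += 1
            cur["dns_name"] = "".join(parts)
        else:
            for key, rx, conv in FIELDS:
                m = rx.match(ln)
                if m:
                    cur[key] = conv(m.group(1))
                    break
    return {"failed_tests": failed_tests, "replication_failures": repl}


def unregistered_dsa_names(report):
    """Map each unregistered GUID-based name to its source DCs and failures."""
    out = {}
    for f in report["replication_failures"]:
        if f["dns_name"]:
            entry = out.setdefault(f["dns_name"], {"sources": set(), "failures": 0})
            entry["sources"].add(f["source"])
            entry["failures"] += f["failures"] or 0
    return out


if __name__ == "__main__":
    report = parse_dcdiag(SAMPLE)
    print(report["failed_tests"], unregistered_dsa_names(report))
```

Each name it returns is one to look up in the `_msdcs.hrm.lan` zone on every DNS server the DCs use, which is the zone where Scott noticed aliases were missing.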


Scott Micale said:
I am not having connectivity problems among domains, I can ping both ways,
but I do think as well it is a DNS issue. I ran dcdiag on all three DC's
and this is what I got. Not sure what to make of these errors, but I have
noticed in my win2k DC that the entry in the _msdcs.hrm.lan zone I am
missing some aliases to the other DNS servers.
Ok, I am not sure what is going on here. I didn't run that one utility yet,
but did try this on the win2k dc harttool in ht.hrm.lan and got this info:



C:\Documents and Settings\Administrator.HARTTOOL.001>dcdiag



DC Diagnosis



Performing initial setup:

Done gathering initial info.



Doing initial non skippeable tests



Testing server: Default-First-Site-Name\HARTTOOL

Starting test: Connectivity

......................... HARTTOOL passed test Connectivity



Doing primary tests



Testing server: Default-First-Site-Name\HARTTOOL

Starting test: Replications

[Replications Check,HARTTOOL] A recent replication attempt failed:

From NT_SERVER to HARTTOOL

Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 15:59.55.

The last success occurred at 2004-07-20 14:59.08.

678 failures have occurred since the last success.

The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[NT_SERVER] DsBind() failed with error 1722,

The RPC server is unavailable..

[Replications Check,HARTTOOL] A recent replication attempt failed:

From BRAIN to HARTTOOL

Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 15:59.55.

The last success occurred at 2004-07-20 12:59.08.

680 failures have occurred since the last success.

The guid-based DNS name
0b692c1e-6566-436a-be49-0d02669e5135._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[BRAIN] DsBind() failed with error 1722,

The RPC server is unavailable..

[Replications Check,HARTTOOL] A recent replication attempt failed:

From NT_SERVER to HARTTOOL

Naming Context: CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:01.00.

The last success occurred at 2004-07-20 14:59.08.

3432 failures have occurred since the last success.

The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[Replications Check,HARTTOOL] A recent replication attempt failed:

From BRAIN to HARTTOOL

Naming Context: CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:14.46.

The last success occurred at 2004-07-20 13:35.51.

6922 failures have occurred since the last success.

The guid-based DNS name
0b692c1e-6566-436a-be49-0d02669e5135._msdcs.

hrm.lan

is not registered on one or more DNS servers.

......................... HARTTOOL passed test Replications

Starting test: NCSecDesc

......................... HARTTOOL passed test NCSecDesc

Starting test: NetLogons

......................... HARTTOOL passed test NetLogons

Starting test: Advertising

......................... HARTTOOL passed test Advertising

Starting test: KnowsOfRoleHolders

Warning: NT_SERVER is the Schema Owner, but is not responding to DS
RPC

Bind.

[NT_SERVER] LDAP connection failed with error 58,

The specified server cannot perform the requested operation..

Warning: NT_SERVER is the Schema Owner, but is not responding to
LDAP B

ind.

Warning: NT_SERVER is the Domain Owner, but is not responding to DS
RPC

Bind.

Warning: NT_SERVER is the Domain Owner, but is not responding to
LDAP B

ind.

......................... HARTTOOL failed test KnowsOfRoleHolders

Starting test: RidManager

......................... HARTTOOL passed test RidManager

Starting test: MachineAccount

......................... HARTTOOL passed test MachineAccount

Starting test: Services

......................... HARTTOOL passed test Services

Starting test: ObjectsReplicated

......................... HARTTOOL passed test ObjectsReplicated

Starting test: frssysvol

......................... HARTTOOL passed test frssysvol

Starting test: kccevent

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Warning Event occured. EventID: 0x800004F1

Time Generated: 08/17/2004 16:05:15

(Event String could not be retrieved)

An Error Event occured. EventID: 0xC0000466

Time Generated: 08/17/2004 16:14:29

(Event String could not be retrieved)

......................... HARTTOOL failed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0x0000165B

Time Generated: 08/17/2004 15:55:05

Event String: The session setup from the computer SKYNET failed

An Error Event occured. EventID: 0x0000169E

Time Generated: 08/17/2004 16:00:19

(Event String could not be retrieved)

......................... HARTTOOL failed test systemlog



Running enterprise tests on : hrm.lan

Starting test: Intersite

......................... hrm.lan passed test Intersite

Starting test: FsmoCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

A Global Catalog Server could not be located - All GC's are down.

......................... hrm.lan failed test FsmoCheck



This is on skynet the win2k3 DC in hh.hrm.lan



C:\WINDOWS\Profiles\Administrator>dcdiag



Domain Controller Diagnosis



Performing initial setup:

Done gathering initial info.



Doing initial required tests



Testing server: Default-First-Site-Name\SKYNET

Starting test: Connectivity

......................... SKYNET passed test Connectivity



Doing primary tests



Testing server: Default-First-Site-Name\SKYNET

Starting test: Replications

REPLICATION LATENCY WARNING

ERROR: Expected notification link is missing.

Source NT_SERVER

Replication of new changes along this path will be delayed.

This problem should self-correct on the next periodic sync.

......................... SKYNET passed test Replications

Starting test: NCSecDesc

......................... SKYNET passed test NCSecDesc

Starting test: NetLogons

......................... SKYNET passed test NetLogons

Starting test: Advertising

......................... SKYNET passed test Advertising

Starting test: KnowsOfRoleHolders

......................... SKYNET passed test KnowsOfRoleHolders

Starting test: RidManager

......................... SKYNET passed test RidManager

Starting test: MachineAccount

......................... SKYNET passed test MachineAccount

Starting test: Services

......................... SKYNET passed test Services

Starting test: ObjectsReplicated

......................... SKYNET passed test ObjectsReplicated

Starting test: frssysvol

......................... SKYNET passed test frssysvol

Starting test: frsevent

......................... SKYNET passed test frsevent

Starting test: kccevent

......................... SKYNET passed test kccevent

Starting test: systemlog

......................... SKYNET passed test systemlog

Starting test: VerifyReferences

......................... SKYNET passed test VerifyReferences



Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test
CrossRefValidation



Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom



Running partition tests on : hh

Starting test: CrossRefValidation

......................... hh passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... hh passed test CheckSDRefDom



Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test
CrossRefValidation



Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom



Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom



Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test
CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom



Running enterprise tests on : hrm.lan

Starting test: Intersite

......................... hrm.lan passed test Intersite

Starting test: FsmoCheck

......................... hrm.lan passed test FsmoCheck



And on the root win2k3 server Nt_server in hrm.lan



C:\WINDOWS\Profiles\Administrator>dcdiag



Domain Controller Diagnosis



Performing initial setup:

Done gathering initial info.



Doing initial required tests



Testing server: Default-First-Site-Name\NT_SERVER

Starting test: Connectivity

......................... NT_SERVER passed test Connectivity



Doing primary tests



Testing server: Default-First-Site-Name\NT_SERVER

Starting test: Replications

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: DC=ForestDnsZones,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:29:52.

The last success occurred at 2004-08-08 04:52:19.

960 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[SKYNET] DsBindWithSpnEx() failed with error 1722,

The RPC server is unavailable..

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 15:55:20.

The last success occurred at 2004-08-08 04:52:19.

229 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: CN=Configuration,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:11:06.

The last success occurred at 2004-08-08 04:52:19.

645 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

[Replications Check,NT_SERVER] A recent replication attempt failed:

From SKYNET to NT_SERVER

Naming Context: DC=hh,DC=hrm,DC=lan

The replication generated an error (8524):

The DSA operation is unable to proceed because of a DNS lookup
failu

re.

The failure occurred at 2004-08-17 16:34:10.

The last success occurred at 2004-08-08 05:01:03.

20174 failures have occurred since the last success.

The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.

hrm.lan

is not registered on one or more DNS servers.

REPLICATION-RECEIVED LATENCY WARNING

NT_SERVER: Current time is 2004-08-17 16:34:27.

DC=ForestDnsZones,DC=hrm,DC=lan

Last replication recieved from SKYNET at 2004-08-08 04:52:19.

DC=hh,DC=hrm,DC=lan

Last replication recieved from SKYNET at 2004-08-08 05:01:03.

......................... NT_SERVER passed test Replications

Starting test: NCSecDesc

......................... NT_SERVER passed test NCSecDesc

Starting test: NetLogons

......................... NT_SERVER passed test NetLogons

Starting test: Advertising

......................... NT_SERVER passed test Advertising

Starting test: KnowsOfRoleHolders

......................... NT_SERVER passed test KnowsOfRoleHolders

Starting test: RidManager

......................... NT_SERVER passed test RidManager

Starting test: MachineAccount

......................... NT_SERVER passed test MachineAccount

Starting test: Services

......................... NT_SERVER passed test Services

Starting test: ObjectsReplicated

......................... NT_SERVER passed test ObjectsReplicated

Starting test: frssysvol

......................... NT_SERVER passed test frssysvol

Starting test: frsevent

......................... NT_SERVER passed test frsevent

Starting test: kccevent

......................... NT_SERVER passed test kccevent

Starting test: systemlog

An Error Event occured. EventID: 0xC0002715

Time Generated: 08/17/2004 16:30:01

Event String: DCOM got error "%1058" attempting to start the

......................... NT_SERVER failed test systemlog

Starting test: VerifyReferences

......................... NT_SERVER passed test VerifyReferences



Running partition tests on : DomainDnsZones

Starting test: CrossRefValidation

......................... DomainDnsZones passed test CrossRefValidation



Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom



Running partition tests on : ForestDnsZones

Starting test: CrossRefValidation

......................... ForestDnsZones passed test CrossRefValidation



Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom



Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom



Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom



Running partition tests on : hrm

Starting test: CrossRefValidation

......................... hrm passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... hrm passed test CheckSDRefDom



Running enterprise tests on : hrm.lan

Starting test: Intersite

......................... hrm.lan passed test Intersite

Starting test: FsmoCheck

......................... hrm.lan passed test FsmoCheck



Seems the first and last servers have the most errors. Not sure where to go
from here.



Steven L Umbach said:
Hi Scott.

Yes I would. There is no harm in doing so. So it is one tree with two child
domains that can not access each other. Hmm. I still think it may be dns related.
Also ipsec policies implemented in a domain can cause disruption of domain trusts. I am
not totally up to speed with W2003 yet [sorry]. You might want to review the
procedures for child domains and dns as explained in the KB below. -- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;255248


Scott Micale said:
These are all in one forest. I have a Win2k3 root server with 2 child
domains. One of the child domains is a win2k3 server and the other is a
win2k server. The two child domains are the ones having the problems
creating the trusts between them. Should I still run those utilities you
spoke of?


If these are both W2K domains in the same forests then trusts are setup automatically
and use dns and kerberos. From your description it sounds as if you have separate
domain trees. I would run first netdiag and then dcdiag on each domain controller
looking for any failed tests/errors/warnings that may give a clue. These tools are
located on the install disk in the support tools folder where you have to run the
setup program there. You may have general dns name resolution but possibly a problem
with the domain controllers and their _srv records existing or replication between
domains. I have not used a forest with separate trees. The guys/gals in the
win2000.active_directory newsgroup could probably give you more ideas as to specific
dns issues and such. --- Steve


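The replication blocks in the dcdiag output above all report error 8524 together with a GUID-based _msdcs name that is not registered. The Python below is an added example, not part of the thread and not a Microsoft tool: it parses those blocks, tolerating the console line wraps, and groups the failures by the name that did not resolve. The function names are made up for this example, and the sample is an excerpt of the posted output.

```python
import re
from collections import defaultdict

# Excerpt of the dcdiag output posted in this thread (timestamp lines dropped,
# console line wraps in the DNS name kept as they were pasted).
SAMPLE = """\
[Replications Check,HARTTOOL] A recent replication attempt failed:
From NT_SERVER to HARTTOOL
Naming Context: CN=Schema,CN=Configuration,DC=hrm,DC=lan
The replication generated an error (8524):
678 failures have occurred since the last success.
The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.
hrm.lan
is not registered on one or more DNS servers.
[Replications Check,HARTTOOL] A recent replication attempt failed:
From NT_SERVER to HARTTOOL
Naming Context: CN=Configuration,DC=hrm,DC=lan
The replication generated an error (8524):
3432 failures have occurred since the last success.
The guid-based DNS name
1eecced9-7b86-4b50-a815-5c26414f350c._msdcs.
hrm.lan
is not registered on one or more DNS servers.
[Replications Check,NT_SERVER] A recent replication attempt failed:
From SKYNET to NT_SERVER
Naming Context: DC=hh,DC=hrm,DC=lan
The replication generated an error (8524):
20174 failures have occurred since the last success.
The guid-based DNS name
177f2bc1-7971-47e6-8cfb-1b36a2f1f4d5._msdcs.
hrm.lan
is not registered on one or more DNS servers.
"""

HEADER = re.compile(r"\[Replications Check,[^\]]+\] A recent replication attempt failed:")
FIELDS = {
    "source": re.compile(r"From (\S+) to \S+"),
    "dest": re.compile(r"From \S+ to (\S+)"),
    "naming_context": re.compile(r"Naming Context: (\S+)"),
    "error": re.compile(r"generated an error \((\d+)\)"),
    "count": re.compile(r"(\d+) failures have occurred"),
    # The name is wrapped over several lines, so match across newlines.
    "guid_name": re.compile(r"guid-based DNS name\s+(.+?)\s+is not registered", re.S),
}

def parse_replication_failures(text):
    """Return one dict per complete 'replication attempt failed' block."""
    starts = [m.start() for m in HEADER.finditer(text)] + [len(text)]
    failures = []
    for begin, end in zip(starts, starts[1:]):
        found = {key: rx.search(text[begin:end]) for key, rx in FIELDS.items()}
        if not all(found.values()):
            continue  # truncated block: skip it rather than guess
        rec = {key: re.sub(r"\s+", "", m.group(1)) for key, m in found.items()}
        rec["error"], rec["count"] = int(rec["error"]), int(rec["count"])
        failures.append(rec)
    return failures

def unresolved_dsa_names(failures, error=8524):
    """Group DNS-lookup failures by the GUID-based name that did not resolve."""
    grouped = defaultdict(lambda: {"source": None, "seen_by": set(),
                                   "contexts": set(), "failures": 0})
    for rec in failures:
        if rec["error"] != error:
            continue
        entry = grouped[rec["guid_name"]]
        entry["source"] = rec["source"]
        entry["seen_by"].add(rec["dest"])
        entry["contexts"].add(rec["naming_context"])
        entry["failures"] += rec["count"]
    return dict(grouped)

if __name__ == "__main__":
    for name, info in unresolved_dsa_names(parse_replication_failures(SAMPLE)).items():
        print(f"{info['source']}: {info['failures']} failures, seen by {sorted(info['seen_by'])}")
        print(f"  check with: nslookup -type=CNAME {name}")
```

Each name in the result is the CNAME that the source DC should have registered in the _msdcs.hrm.lan zone, so the grouping shows which DC's record to look for on each DNS server.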
 
S

Scott Micale

ok, thanks!


Steven L Umbach said:
Hi Scott.

Yes it seems you have at least a dns issue which needs to be corrected first. I see
you posted in the win2000.dns newsgroup. You should get excellent response over
there. I will watch over there and chime in if I think I have anything to add. ---
Steve


Scott Micale said:
I am not having connectivity problems among domains, I can ping both ways,
but I do think as well it is a DNS issue. I ran dcdiag on all three DC's
and this is what I got. Not sure what to make of these errors, but I have
noticed in my win2k DC that the entry in the _msdcs.hrm.lan zone I am
missing some aliases to the other DNS servers.
Ok, I am not sure what is going on here. I didn't run that one utility yet,
but did try this on the win2k dc harttool in ht.hrm.lan and got this info:



 
