Trust Relationships

Guest

I'm having some problems with Trust relationships.
We have established Trusts between several of our Windows 2000 AD domains.
These establish fine and work fine (for a while, anyway).
Almost once a week, the Trusts need to be reset as they fail. There are
about 6 Trusts in place and different Trusts seem to require resetting each
time (some more than others).
What are the known reasons for Trusts failing and why does the Reset then
re-establish the Trust OK?
Is there anything we can do to avoid having to reset these so often?

I should mention that the Trusts aren't used very frequently. Mainly for an
SQL server job which connects to each site every week. Do Trusts time out due
to inactivity?

Many thanks
 
Jorge_de_Almeida_Pinto

Every week, you say? As you may know, trusts also have passwords.
Trust passwords are changed every 7 days.

What are the errors and event IDs on the DCs?

Cheers,
 
Mike Shepperd

As a preventative step it might be worth hosting a secondary DNS zone for
each of the various domains in every other domain to ensure that they are
able to locate the needed machines to reset the trust password. As Jorge
indicated the Event logs would be very helpful in troubleshooting this
issue.

You can also use the nltest utility to troubleshoot the secure channel
chain.

From a command prompt, type:
F:\ReskitTools\>nltest /sc_query:%domainname%
(where %domainname% is the NetBIOS name of the domain the client is in).

It should show the following information:
Flags:
Trusted DC Name
Trusted DC Connection Status Status =
The command completed successfully

You can then go to that trusted DC and run the nltest command against the
trusted domain. If that succeeds, you can walk the chain back up the other
direction from the resource in the trusted domain to see where the trusts
come together.

After checking the Event Logs and running the nltest command against each of
the domains, you should have your answer, or more information to post for us
to help further. If this does not lead you to the answer, you may have some
necessary port blocked between the two domains. You can use Network Monitor
(or Ethereal) on both sides of the trust to trace the creation of the trust
and verification of the trust, but I suspect that the network is not the
problem, or you wouldn't get success when initially setting the trust up.

Post your results so we can follow up.


Mike Shepperd
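
The nltest check described above can be run against every trust on a schedule, so a broken secure channel is noticed before the weekly job fails. This is an added example, not part of the original thread; the domain names are placeholders, and it assumes PowerShell 3.0 or later and nltest.exe on the path of a domain controller in the trusting domain.

```powershell
# Added example: query the secure channel to each trusted domain with nltest
# and report which ones are unhealthy. Domain names are placeholders.
$TrustedDomains = @('DOMAINA', 'DOMAINB', 'DOMAINC')

function ConvertFrom-NltestScQuery {
    param([string[]]$Lines)
    # nltest reports results as "Status = <decimal> <hex> <name>", both on the
    # "Trusted DC Connection Status" line and on "I_NetLogonControl failed" lines.
    $r = [ordered]@{ TrustedDC = $null; StatusCode = $null; StatusName = $null; Healthy = $false }
    foreach ($line in $Lines) {
        if ($line -match '^\s*Trusted DC Name\s+(\S+)') {
            $r.TrustedDC = $Matches[1]
        }
        elseif ($line -match 'Status\s*=\s*(\d+)\s+0x[0-9a-fA-F]+\s+(\S+)') {
            $r.StatusCode = [int]$Matches[1]
            $r.StatusName = $Matches[2]
            # Only status 0 (NERR_Success) counts as a working secure channel.
            $r.Healthy = ($r.StatusCode -eq 0)
        }
    }
    [pscustomobject]$r
}

$report = foreach ($domain in $TrustedDomains) {
    # Capture stdout and stderr as plain strings; nltest prints errors as text.
    $output = & nltest.exe "/sc_query:$domain" 2>&1 | ForEach-Object { "$_" }
    ConvertFrom-NltestScQuery -Lines $output |
        Add-Member -NotePropertyName Domain -NotePropertyValue $domain -PassThru |
        Add-Member -NotePropertyName Checked -NotePropertyValue (Get-Date) -PassThru
}

$report | Format-Table Domain, TrustedDC, StatusCode, StatusName, Healthy, Checked -AutoSize

# Exit non-zero when any trust is unhealthy so a scheduled task can alert on it.
if ($report | Where-Object { -not $_.Healthy }) { exit 1 }
```

Keeping the timestamped output from each run makes it possible to line up the moment a trust breaks with the Netlogon entries in the System event log on the DCs.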
 
