Two way trust between NT4 PDC and NT2003 server

[Lillian]

I have to establish two way trust between NT4(PDC) and
NT2003 server with active directory, the NT4 server
domain name is call "infoservices", host name is call
costandby, the NT2003 server is call "glc.training.gov"
has DNS, when I try to establish two way trust, first
from NT4 I add "training" from trusted, then from NT2003
server I new trust "infoservices" as incoming, then
outgoing, then NT4 server I add "training" as
trusting,the final when I want to validate from NT2003,
it say" verification of trust between domain traing.gov
and domain infoservices was unsuccessful because there
are current no logon servers available to service the
logon request, to repair a trust a pre-windows 2000
domian you must remove and re-add the trust on both
sides." before I do this I created an username"trust" on
both NT4 and NT2003 server with same password has domain
admins and administrators prevelidge, so what is wrong
with this setup? can someone help me? what is meant
by "no logon servers available to service the logon
request"

Thanks.

Lillian

 

[Oli Restorick [MVP]]

One thing you didn't mention here is WINS.

Are you using WINS? Are all DCs able to communicate and register with the
same (or replicated) WINS server?

See the following for how to write LMHOSTS files to allow the DCs to find
each other.

Domain Trust Relationship Cannot be Created
http://support.microsoft.com/default.aspx?scid=kb;en-us;197808

If you have two separate WINS databases that you don't want to replicate to
each other, you can also create static domain records (1B and 1C) in each
WINS database to allow the other side of the trust to be found.

Bear in mind that Microsoft does not generally recommend using static
entries in WINS.

If one DC can resolve the other domain and another can't you'll get
seemingly-random incidents of users being unable to log in across the trust.
The Domain Monitor (dommon.exe) utility from the Windows 2000 Resource Kit
is great for checking that you've got everything right. Unfortunately, it
doesn't seem to be available for download, although you will have it if you
are a TechNet subscriber.

Hope this helps

Oli

 

[Oli Restorick [MVP]]

Reading that back, I whizzed very quickly between three different setups.
To clarify:

1) Full WINS -- it should just work if all DCs are set to use the same WINS
infrastructure.

2) No WINS -- use LMHOSTS

3) Two WINS islands -- use static enties (or LMHOSTS).

Oli

 

[Lillian]

Hi, Oli:

I do have lmhost file on NT4.0 and Nt2003 server, what
it meant by "there are current no logon servers
available to service the logon request", when I have was
click on "validate" button on nt2003 server domain and
trust, the screen pop up say" you need have
administrator's previledge from infoservice (NT4.0) to
validate it", when I did, the user (trust) I created it
has full previledge, what is wrong with this picture?

Lillian

 

[Oli Restorick [MVP]]

Can you post the contents of the lmhosts file from each machine? I'm
talking about an lmhosts file you created, not the lmhosts.sam sample file.
The real lmhosts file, if present, has no file extension.

When you create a trust, the domain controller for one domain needs to be
able to resolve the domain name and find the domain controllers for the
other domain. If it can't do this, you get the message you mention.

Hope this helps

Oli