Active Directory Domains and Trusts cannot be validated

    Question

  • I suddenly cannot validate a trust between 2 servers. Please help! Thank you!

    Configuration: External trusts, 2 ways, not transitive

    Server A: Windows Server 2003, can ping Server B. When I validate with Server B, it displays an error: The trust cannot be validated for the following reasons: The outgoing trust was successfully validated. The secure channel (SC) reset on domain controller \\xxx.serverb.com of domain serverb.com to domain servera.com failed with error: The RPC server is unavailable.

    Server B: Windows Server 2000, can ping Server A. When I ran verify in Domains and Trusts, it displayed an error: "Information from the primary domain controller for the domain servera.com cannot be obtained because: The RPC server is unavailable. Make sure that the PDC is operating properly and then try again."

    Tuesday, June 7, 2011 5:50 AM

Answers

  • Finally, I disabled network card 2, removed the domains and trusts, restarted Server A and B, and added new domains and trusts between Server A and B.

    Problem solved....

    • Marked as answer by Gordon Bower Friday, June 17, 2011 6:28 AM
    Friday, June 17, 2011 6:28 AM

All replies

  • Hello,

    Sounds like it is a blocked ports problem.

    Needed ports are mentioned here: http://support.microsoft.com/kb/179442

    Use PortQry v2 to check that they are opened.

    Also, make sure that DNS records can be solved correctly. In each domain, configure conditional forwarders on DNS servers that forward DNS traffic to DNS servers in the other domain.

     


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    Tuesday, June 7, 2011 6:40 AM
  • Thank you for your reply. I disabled the firewall already and ran the ping test between Server A and Server B. I found Server A's outgoing trust was successfully validated but the incoming failed.
    Tuesday, June 7, 2011 7:51 AM
  • Use nslookup to check that all is okay with DNS resolution.

    I suspect that you have missing DNS records.

     



    Tuesday, June 7, 2011 8:25 AM
  • I can validate the trust, but it is unstable.

    First time - ok, second - fail, third - ok, fourth - fail ........

    Have any idea??? Thanks!

    Thursday, June 9, 2011 1:50 AM
  • Hello,

    please provide an unedited ipconfig /all from the DC/DNS servers.

    How did you configure DNS on each site of the trust, please explain in detail?

    Any firewall between the forests?


    Best regards
    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Thursday, June 9, 2011 6:37 AM
  • I found Event ID 4319 on the server.

    "A duplicate name has been detected on the TCP network.  The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state."

    I used nbtstat -n and got this result.

    Local Area Connection 1:
    Node IpAddress: [192.28.46.1] Scope Id: []

                    NetBIOS Local Name Table

           Name               Type         Status
        ---------------------------------------------
        SERVER-FILE-1    <00>  UNIQUE      Registered
        SERVER-AD        <00>  GROUP       Registered
        SERVER-AD        <1C>  GROUP       Registered
        SERVER-FILE-1    <20>  UNIQUE      Registered
        SERVER-AD        <1B>  UNIQUE      Registered
        SERVER-AD        <1E>  GROUP       Registered
        SERVER-AD        <1D>  UNIQUE      Registered
        ..__MSBROWSE__.<01>  GROUP       Registered

    Local Area Connection 2:
    Node IpAddress: [192.28.46.2] Scope Id: []

                    NetBIOS Local Name Table

           Name               Type         Status
        ---------------------------------------------
        SERVER-FILE-1    <00>  UNIQUE      Registered
        SERVER-AD        <00>  GROUP       Registered
        SERVER-AD        <1C>  GROUP       Registered
        SERVER-FILE-1    <20>  UNIQUE      Registered
        SERVER-AD        <1B>  UNIQUE      Registered
        SERVER-AD        <1E>  GROUP       Registered

    My network card configuration 1

    IP: 192.28.46.1

    SM: 255.255.255.128

    DG: 192.168.46.126

    DNS:192.28.46.1

    My network card configuration 2

    IP: 192.28.46.2

    SM: 255.255.255.128

    DG: 192.168.46.126

    DNS:192.28.46.1

    Will this problem cause my trust to be unstable???

    Friday, June 10, 2011 9:27 AM
  • Hello,

    I see that your DC is multihomed. This is not recommended as it causes DNS problems => AD problems.

    More here: http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    Please disable the second NIC card or disable DNS registration on it. Why do you want to use two NIC cards?

     



    Friday, June 10, 2011 9:33 AM
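
Added example (not written by any poster in this thread): a small Python parser for saved `nbtstat -n` output that reports names in the Conflict state, as Event ID 4319 asks you to look for, and UNIQUE NetBIOS names registered on more than one adapter address, which is the multihomed-DC condition diagnosed above. The sample is shortened from the output posted in the thread, with one Conflict status constructed for illustration; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Shortened from the nbtstat -n output in the thread; the Conflict status on
# the last row is constructed so the conflict check has something to report.
SAMPLE = """\
Local Area Connection 1:
Node IpAddress: [192.28.46.1] Scope Id: []
       Name               Type         Status
    ---------------------------------------------
    SERVER-FILE-1    <00>  UNIQUE      Registered
    SERVER-AD        <1C>  GROUP       Registered
    SERVER-AD        <1B>  UNIQUE      Registered

Local Area Connection 2:
Node IpAddress: [192.28.46.2] Scope Id: []
    SERVER-FILE-1    <00>  UNIQUE      Registered
    SERVER-AD        <1C>  GROUP       Registered
    SERVER-AD        <1B>  UNIQUE      Conflict
"""

ADAPTER = re.compile(r"^\s*(.+):\s*$")
NODE = re.compile(r"Node IpAddress:\s*\[([\d.]+)\]")
ROW = re.compile(r"^\s*(\S+)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")

def parse_nbtstat(text):
    """Return [(adapter, ip, name, suffix, type, status), ...]."""
    rows, adapter, ip = [], None, None
    for line in text.splitlines():
        if m := NODE.search(line):
            ip = m.group(1)
        elif m := ROW.match(line):
            rows.append((adapter, ip, m.group(1), m.group(2).upper(), m.group(3), m.group(4)))
        elif m := ADAPTER.match(line):
            adapter, ip = m.group(1), None
    return rows

def findings(rows):
    """Flag Conflict-state names and UNIQUE names bound to several adapter IPs."""
    out, owners = [], defaultdict(set)
    for adapter, ip, name, suffix, kind, status in rows:
        if status.lower() == "conflict":
            out.append(f"conflict: {name}<{suffix}> on {ip}")
        if kind == "UNIQUE":  # GROUP names are expected to be shared
            owners[(name, suffix)].add(ip)
    for (name, suffix), ips in sorted(owners.items()):
        if len(ips) > 1:
            out.append(f"multihomed: {name}<{suffix}> on {', '.join(sorted(ips))}")
    return out
```

The `<1B>` suffix is the domain master browser name registered by the PDC, so a conflict or duplicate registration on that row is the one most relevant to a failing PDC lookup during trust validation.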