
This is urgent please help!

I have a problem with the trust that we set up for our AD forests. I get this error message when I try to validate the trust:
"The trust cannot be validated for the following reasons.
The secure channel (sc) reset on domain controller \\test.ny.us.com of domain ny.us.com to domain us.com failed with error: There are currently no logon servers available to service the logon request."
1. The 2 domains listed above are in different forests; they are not related at all.
Under us.com I was able to create the 2-way trusts but got an error when I tried to validate the trust (the account I use to validate the trust does have all the administrative rights for ny.us.com).
2. I was unable to create the 2-way trust when I'm on the ny.us.com AD system; I only have the realm trust available to pick to create the trust with us.com.
**Even though I already raised the functional level of the trust to Windows 2003 Server, I didn't get the option of the External Domain Trust or Forest Trust. I still get the Realm or the Domain Trust options.**
Please help,

Thanks,
mai

Last Post by cutepinkbunnies

Hi Mai,

Ok...I'm trying to get this straight here.

1. You have both forests and domains at 2003 Server level
2. You are being denied trust creation based on credentials

Have you checked the security logs on the machines in question?
Sometimes if you configure stricter security settings (like my favorite template hisecws.inf) on one of the machines and not another, the box will reject all non-NTLMv2 traffic. So basically if you're using LANMAN or NTLM it would get denied.

I know this doesn't quite work the way NTLM is supposed to through negotiation, but I've created this issue in my labs a few times and it has to do with the security policy of the machine in question.

This link talks about how things may be misconfigured.

http://kb.iu.edu/data/atcd.html

I hope this helps. If I misunderstood the question, please let me know where I went wrong.

Jon
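
One way to check for the policy mismatch described in the reply above, as an added example that is not part of the original thread: it reads `LmCompatibilityLevel` from a domain controller on each side of the trust and reports, for each direction, whether the sender's responses are accepted by the receiver. The second DC name, the function names and the assumed default of 2 for an unset value are assumptions, not values from the thread.

```powershell
# Added example, not from the thread. Run from an admin workstation (PowerShell 3.0+).
# 'dc01.us.com' is a hypothetical placeholder for a DC in the us.com forest.
$DomainControllers = 'test.ny.us.com', 'dc01.us.com'
# Assumption: an unset value is treated as level 2 (send NTLM only); adjust per OS.
$AssumedDefault = 2

function Get-LmCompatibilityLevel {
    param([string]$ComputerName)
    # Needs the Remote Registry service and admin rights on the target.
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $key = $base.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
        $key.GetValue('LmCompatibilityLevel', $null)
    } finally { $base.Close() }
}

function Test-NtlmPair {
    param([int]$ClientLevel, [int]$ServerLevel)
    # What the client side sends: 0-1 LM and NTLM, 2 NTLM only, 3-5 NTLMv2 only.
    $sent = if ($ClientLevel -ge 3) { @('NTLMv2') }
            elseif ($ClientLevel -eq 2) { @('NTLM') }
            else { @('LM', 'NTLM') }
    # What the DC side accepts: 0-3 everything, 4 refuses LM, 5 refuses LM and NTLM.
    $accepted = @(switch ($ServerLevel) {
        5       { 'NTLMv2' }
        4       { 'NTLM', 'NTLMv2' }
        default { 'LM', 'NTLM', 'NTLMv2' }
    })
    [bool]($sent | Where-Object { $accepted -contains $_ })
}

$levels = @{}
foreach ($dc in $DomainControllers) {
    $value = Get-LmCompatibilityLevel -ComputerName $dc
    if ($null -eq $value) { $value = $AssumedDefault }
    $levels[$dc] = [int]$value
}

# Evaluate both directions, since each DC acts as client and as server.
foreach ($client in $DomainControllers) {
    foreach ($server in ($DomainControllers | Where-Object { $_ -ne $client })) {
        [pscustomobject]@{
            Client = $client; ClientLevel = $levels[$client]
            Server = $server; ServerLevel = $levels[$server]
            NtlmCompatible = Test-NtlmPair -ClientLevel $levels[$client] -ServerLevel $levels[$server]
        }
    }
}
```

A row with `NtlmCompatible` set to `False` means one side sends only LM or NTLM responses while the other refuses them; aligning the "Network security: LAN Manager authentication level" policy on both sides removes that mismatch.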
