Russ,

My experience with NT4 to Win2k trusts is that when they go wacky, blow the
trusting and trusted away.  Set the trusted, don't verify.  Have the other
side do their trusting.  The other side should do their trusted, don't
verify.  Then you do your trusting - making sure that the same password is
used for each side (local, remote).

Also (not reading this whole thread), make SURE that you have LMHosts set up
to properly configure the domains and the PDC IPs of both sides.

Rick Kingslan  MCSE, MCSA, MCT, CISSP
Microsoft MVP:
Windows Server / Directory Services
Windows Server / Rights Management
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
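
Added example, not part of the message above or of the thread: a Python helper that writes a common pair of LMHOSTS lines for pinning a trust partner's PDC, including the space padding that the domain <1B> entry needs. WH1 and WHPDC01 come from the thread; the IP addresses and the AD-side names (CCC, PDCEMULATOR) are placeholders, and each side's LMHOSTS file would carry the entries for the other side's domain.

```python
import ipaddress

NAME_LEN = 15  # NetBIOS name field; the 16th byte is the service type


def pdc_entries(domain: str, pdc_host: str, pdc_ip: str) -> list[str]:
    """Return the LMHOSTS lines that pin one domain's PDC.

    Line 1 maps the PDC's computer name and marks it as a DC of `domain`.
    Line 2 maps the domain's <1B> (PDC) name; the name is space-padded to
    15 characters so that \\0x1b lands in the 16th position.
    """
    ipaddress.IPv4Address(pdc_ip)  # raises ValueError on a malformed address
    for label, value in (("domain", domain), ("host", pdc_host)):
        if not 1 <= len(value) <= NAME_LEN:
            raise ValueError(f"{label} name must be 1-15 characters: {value!r}")
        if '"' in value or any(ch.isspace() for ch in value):
            raise ValueError(f"{label} name has quote or whitespace: {value!r}")
    # NetBIOS names are registered in upper case, so normalise before writing.
    domain, host = domain.upper(), pdc_host.upper()
    # 15 name characters plus the 5 literal characters \0x1b = 20 inside quotes.
    quoted = '"' + domain.ljust(NAME_LEN) + '\\0x1b"'
    return [
        f"{pdc_ip}\t{host}\t#PRE\t#DOM:{domain}",
        f"{pdc_ip}\t{quoted}\t#PRE",
    ]


def build_lmhosts(partners: list[tuple[str, str, str]]) -> str:
    """Join the entries for every (domain, pdc_host, pdc_ip) partner."""
    lines = []
    for domain, host, ip in partners:
        lines.extend(pdc_entries(domain, host, ip))
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    # WH1 / WHPDC01 are from the thread; everything else is a placeholder.
    print(build_lmhosts([
        ("WH1", "WHPDC01", "192.0.2.10"),
        ("CCC", "PDCEMULATOR", "192.0.2.20"),
    ]), end="")
```

After editing LMHOSTS, `nbtstat -R` reloads the #PRE entries and `nbtstat -c` shows what is cached.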
  

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Wednesday, April 21, 2004 7:18 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Trust issue


When attempting the /reset, I got "Cannot reset the trust passwords; both
domains must be Windows 2000 domains."  Which is correct - the trust is
NT4-Win2k.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of E Brown
Sent: Wednesday, April 21, 2004 1:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Trust issue


Russ,

For grins can you use your admin credentials for both sides to verify?
If this still fails, a /reset will get the trust stable again.
If this problem continues to happen, you can use trustmon if you are
pre-W2k3.
There is a WMI provider built into W2k3.
Let me know the results.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Tuesday, April 20, 2004 4:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Trust issue


C:\>netdom trust wh1 /domain:ccc.ourcompany.com /verify /verbose
Establishing a session with \\WHPDC01
Reading LSA domain policy information
Establishing a session with \\cambindc01.ccc.ourcompany.com
Reading LSA domain policy information
Verifying the trust between trusting domain wh1 and trusted domain ccc.coopcam.com
Verifying the trust between trusting domain ccc.ourcompany.com and trusted domain wh1
The secure channel query on domain controller \\cambindc01.ccc.ourcompany.com for trusting domain WH1 failed with the following error:
Access is denied.

The attempt to contact the NetLogon service on domain controller \\cambindc01.ccc.ourcompany.com for a secure channel reset of trusting domain WH1 failed with the following error:
Access is denied.

Deleting the session with \\cambindc01.ccc.coopcam.com
Deleting the session with \\WHPDC01
The command completed successfully.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of E Brown
Sent: Monday, April 19, 2004 9:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Trust issue


Russ,

Do you test this with nltest or netdom?
Can you run the test with netdom and add the /verbose switch on the end?
Pasting the output will show the failure reason.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ
Sent: Monday, April 19, 2004 4:34 PM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Trust issue


We have a trust between our old NT4 domain and our new AD domain.  One of
our sites that has an AD domain controller at it is having issues.  When I
log in to that site's domain controller and try to verify the trust, I get:

The secure channel (SC) query on domain controller
\\cambindc01.abc.ourdomain.com of domain abc.ourdomain.com to domain WH1
failed with error: Access is denied.  An SC reset will be attempted.  

The trust verifies fine when trying to verify on any other domain controller,
it's just this one DC that it fails on.  Any suggestions where to begin?

Thanks

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information of the
Cooper Cameron Corporation and its operating Divisions and may be
confidential or privileged.

This e-mail should be read, copied, disseminated and/or used only by the
addressee. If you have received this message in error please delete it,
together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
