• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Question for W2K System Administrator

E

err

Platinum Member
Hi, I have this problem with our network. It is currently running NT 4.0 in production and we are trying to deploy windows 2000 in our infrastructure.

NT 4.0 can see Windows 2000 fine. It can browse through the user list, shared folders, and even full trust connection has been verified.

Windows 2000 CANNOT see WinNT4.0 domain. It CAN'T browse through user list, shared folders and trust connection cannot be verified. It always comes up with RPC server is not available or there are currently no logon server errors.

Some more info:
1. Windows 2000 Domain is running in Native mode
2. Windows 2000 is running on different subnet from NT4, but they are connected through routers.
3. Anybody can ping anybody fine
4. The RPC and Netlogon service on WinNT4 PDC has been restarted. But the NT 4.0 PDC and BDC server has NOT been booted.
5. All the machines that I am trying to connect to WinNT has WinNT DNS server in it's NIC TCP-IP properties
6. I've also fixed the ResctictAnonymous registry in the Win2k DC

My question is should native mode be able to see NT4 ? What other reason could lead to those error messages ?

Any help is appreciated 🙂

eRr
 
Default trusts between NT and 2000 domains are not 2-way. Add the 2000 domain (pre-windows 2000 name) to the trusted domain liist on your NT 4.0 PDC. Hope this fixes it.

Cru
 
cru,

I did try to add the Win2000 domain into the WinNT4 Trusted Domains. This is what happened:

1. The trust is in place on both domains, but it can;t be verified.
2. The error message was the Secure channel cannot communicate because RPC is not available.

So I guess it IS related to trust. I am just wondering if we can trust WinNT 4 domains if we're running Win2k Native Mode.

Thanks for the idea anyway.

eRr
 
I am not sure if this will apply but here goes.... If I remember correctly Native Mode in 2k Server is only for 2000 machines not NT4 you have to change the mode of your 2000 DC to Mixed Mode to support NT4 DCs
 
nightowl,

unfortunately you can't change from native to mixed mode. To do so you have to wipe out the entire win2k infrastructure and rebuild the active directory 🙁

Not such a bright idea to blow away 4 DCs and possibly reconfiguring more than 6 win2k servers that I have now 🙁

I am confused. I have found others with similar experience and I think this is related to WINS and netdom issue.

Thanks for the comment

eRr
 
Found the problem. It was a combination of WINS, DNS and Trust ... man it took me 2 full days to figure this out.

Anyway, thanks for all the ideas. I've always found a fix whenever I posted a question to a thread 🙂

eRr
 
Can you dish out some more info? Two full days is something that I would not like to repeat if I had the choice.
 


<< I am not sure if this will apply but here goes.... If I remember correctly Native Mode in 2k Server is only for 2000 machines not NT4 you have to change the mode of your 2000 DC to Mixed Mode to support NT4 DCs >>



This only applies inside the domain itself. If the trust relationships/name reolution/TCP/IP is set up properly, there is no reason why a Native mode 2k domain cannot communicate with an NT4.0 domain.
Further, there can be any number of NT 4.0 workstations and member servers in a native mode domain. Native mode means all of the DC's are running 2k, not all of the servers necessarily.



<< The error message was the Secure channel cannot communicate because RPC is not available >>



For future reference, it has been my experience that this error message is almost always related to an improper DNS set up.
 
Saltin is right on the coins on this one. I had to :

1. Set DNS server to use WINS lookup.
2. Set WINS on the property of Win2K DCs. This is necessary to register Win2k Domains into NT4 WINS server.
3. Break and recreate a two way full trust using Domain Trust MMC.
4. If you can't use the Domain trust MMC (uses DNS), use Netdom in the support tools (uses WINS).
5. Slap the server on it's buttts for playing me for 2 full days 🙂

eRr
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top