Jump to content

Domain can't be contact!

jimmyjiang

By jimmyjiang
in Windows 2000/2003/NT4

 Share

Recommended Posts

jimmyjiang

jimmyjiang

Posted
Posted

hi,

I get problems during migrate my 2000 server domain to a new 2003 server domain, when I try to build trust between these 2 domain, it always say: "domain cannot be contacted" , actually I can browse each ohter domain, and can access their shared document from either side.

my 2 domain's setting like this:

2000 server's prefered DNS server is 2003 server's DNS server, and alter DNSserver is itself.

2003 server's prefered DNS server is itself, and alter DNSserver is 2000 sever's DNSserve.

2000 server domain is in mix level ,and 2003 server is in windows 2000native(that's ADMT tool required?).

acutally before I raise 2003 sever to window2000 native mode ,I still can create trust ,but it can not be verify. show the erro message:

" the trust password verification failed with error 1787: the security database on the server does not have a computer accout for this workstation trust relationship."

after I raise the level to 2000 native ,then I even can't create trust? do I need to buidle a new 2003 domain since it can't be reversed?

and even I rebuilde the 2003 domain, how do I resolve the computer account problem?

thanks in advance!

Link to comment
Share on other sites

valter

valter

Posted
Posted

Domain controllers should always point to their respective DNS servers. So Win2k should as primary point to itself and secondary to the DNS of the Win2k3. Win2k3 should primary point to itself and secondary to Win2k DNS.

Replicate DNS zones of both domains to the oposite domain DNS Win2k -> Win2k3 and Win2k3 -> Win2k then try to create trust it should work.

Link to comment
Share on other sites
jimmyjiang

jimmyjiang

Posted
  • Author
Posted

hi,

thanks for the help!

I did what you said, I choose the "standard primary " type as the replicate DNS Zone for the w2k3 server domain from the w2k server's DNS server,but it looks not right cause only two records inside new replicate DNS Zone:their type is "start of Authority" and "Name server",

and I create a Host A record inside ,point to w2k3 server's DNS server. but it still not resolve the "domain can't contact problem",I can't create a trust from w2k server side.

oppositly, the replicate DNS Zone I create in w2k3 server side is fine, looks normal, has all record,and I'm able to create a 2 two trust from it.

can you tell me why?

thanks!

Link to comment
Share on other sites
tarquel

tarquel

Posted
Posted

not that this is any help but i decided against migration in this way - for the difficulties you run into.

It was a long time ago so i cant remember the precise way i did it, but i created a new domain and "imported" the users & shares across from the old NT DC/domain and moved all the user files & other resources over manually.

Worked a treat and helped not import any problem settings from the old DC.

Not much help but good luck with it. Trusts are odd

...by the way, you didnt choose the ...(not by my server now so forgive the lack of proper terminology)... new 2003 domain when setting it up to run as 2003 native mode (or whatever the mode is that doesnt see older server's like NT & 2000) as this might be not helping the situation.

Just a thought...

Regards,

Nath.

Link to comment
Share on other sites
valter

valter

Posted
Posted
hi,

  thanks for the help!

  I did what you said, I choose the "standard primary " type as the replicate DNS Zone for the w2k3 server domain from the w2k server's DNS server,but it looks not right cause only two records inside new replicate DNS Zone:their type is "start of Authority" and "Name server",

and I create a Host A record inside ,point to w2k3 server's DNS server. but it still not resolve the "domain can't contact problem",I can't create a trust from w2k server side.

  oppositly, the replicate DNS Zone I create in w2k3 server side is fine, looks normal, has all record,and I'm able to create a 2 two trust from it.

  can you tell me why?

thanks!

Can't tell you why, but it looks like a problem on your Win2k3 domain ... anyway, the painless process you might wanna take would be to upgrade your Win2k domain to Win2k3 and skip process of migration that is real pain in the neck ... anyway, if you decide to upgrade your domain instead, let me know so I can find some links that would help you out

Link to comment
Share on other sites
ravashaak

ravashaak

Posted
Posted

It's almost certainly a name resolution issue on some level. You can:

1. Fix DNS

2. Use WINS

3. Use lmhosts files for trust validation (easiest)

For item #3 above, this link HERE should provide all the information you require.

For general troubleshooting tips related to this problem, go HERE.

Hope this helps you.

- Ravashaak

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...