|
View Full Version : 2003 Connection attempt to NT4 domain
It was a firewall issue
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jorge_de_Almeida_Pinto" wrote in
message news:1488598_405a8a80a625acf9dd9bcce6628966cc@windowsforumz.com...
> "" wrote:
> > I'm stumped. I have an NT4 domain without any type of trust.
> > I'm
> > attempting to run User Manager or Server Manager to attach to
> > this domain.
> > So far I have had no success.
> >
> > I have attached to the remote domain via share connection and
> > authenticated.
> > I then attempt to run User Manager that I have loaded from the
> > 2003 Resource
> > Kit on my 2003 server (Attempted on 2000 server as well).
> > Both servers are
> > fully patched.
> >
> > 194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
> > 194.126.18.99 "NT_DOMAIN > # IP Address
"123456789012345*7890"
> >
> > nbtstat -R
> > nbtstat -c
> >
> > results
> > PDC_NT <03> UNIQUE 194.126.18.99
> > -1
> > PDC_NT <00> UNIQUE 194.126.18.99
> > -1
> > PDC_NT <20> UNIQUE 194.126.18.99
> > -1
> > NT_DOMAIN <1C> GROUP 194.126.18.99
> > -1
> > NT_DOMAIN <1B> UNIQUE 194.126.18.99
> > -1
> >
> > When I attempt to connect, I get the error "Cannot find the
> > Primary DC for
> > NT_DOMAIN. You may administer this domain, but certain
> > domain-wide
> > operations will be disabled."
> >
> >
> > Is there some issue with NTLM on my servers that are disabled
> > due to
> > patching/policies? How can I track this down. I'm just plain
> > stumped?
> >
> > --
> >
> >
> > Paul
> >
> > cross posted
> > microsoft.public.windows.server.active_directory
> >
> > microsoft.public.win2000.active_directory
>
> donâ?Tt you have WINS ip addresses configured on the server so a WINS
> servers can provide services for NetBIOS nameresolution and
> registration?
>
> or are you just using lmhosts on that server?
>
> look at:
> http://support.microsoft.com/kb/q150800/
>
> to see how to configure lmhosts
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's
request
> Articles individually checked for conformance to usenet standards
> Topic URL:
http://www.windowsforumz.com/2003-Connection-attempt-NT4-domain-ftopict441069.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1488598
|
In news:eQddWsI7FHA.3592@TK2MSFTNGP12.phx.gbl, Paul Bergson made this post, which I then commented
about below:[color=blue]
> It was a firewall issue[/color]
Taking into consideration the date and time stamp when
Jorge_de_Almeida_Pinto posted, I do not believe he took the time to read
thru the thread to have known that prior to posting.
Ace
|
Yeah -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Ace Fekay [MVP]" wrote in
message news:u7uc8rS7FHA.3648@tk2msftngp13.phx.gbl...[color=blue]
> In news:eQddWsI7FHA.3592@TK2MSFTNGP12.phx.gbl,
> Paul Bergson made this post, which I then commented
> about below:[color=green]
> > It was a firewall issue[/color]
>
> Taking into consideration the date and time stamp when
> Jorge_de_Almeida_Pinto posted, I do not believe he took the time to read
> thru the thread to have known that prior to posting.
>
> Ace
>
>[/color]
|
In news:ef0NwGU7FHA.2716@TK2MSFTNGP11.phx.gbl, Paul Bergson made this post, which I then commented
about below:[color=blue]
> Yeah[/color]
Replied privately... I hope your email address listed is correct.
Ace
|
I'm stumped. I have an NT4 domain without any type of trust. I'm
attempting to run User Manager or Server Manager to attach to this domain.
So far I have had no success.
I have attached to the remote domain via share connection and authenticated.
I then attempt to run User Manager that I have loaded from the 2003 Resource
Kit on my 2003 server (Attempted on 2000 server as well). Both servers are
fully patched.
194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
194.126.18.99 "NT_DOMAIN \0x1b" #PRE
# IP Address "123456789012345*7890"
nbtstat -R
nbtstat -c
results
PDC_NT <03> UNIQUE 194.126.18.99 -1
PDC_NT <00> UNIQUE 194.126.18.99 -1
PDC_NT <20> UNIQUE 194.126.18.99 -1
NT_DOMAIN <1C> GROUP 194.126.18.99 -1
NT_DOMAIN <1B> UNIQUE 194.126.18.99 -1
When I attempt to connect, I get the error "Cannot find the Primary DC for
NT_DOMAIN. You may administer this domain, but certain domain-wide
operations will be disabled."
Is there some issue with NTLM on my servers that are disabled due to
patching/policies? How can I track this down. I'm just plain stumped?
--
Paul
cross posted
microsoft.public.windows.server.active_directory
microsoft.public.win2000.active_directory
|
In news:O1pI3TW4FHA.1420@TK2MSFTNGP09.phx.gbl, Paul Bergson made this post, which I then
commented about below:[color=blue]
> I'm stumped. I have an NT4 domain without any type of trust. I'm
> attempting to run User Manager or Server Manager to attach to this
> domain. So far I have had no success.
>
> I have attached to the remote domain via share connection and
> authenticated. I then attempt to run User Manager that I have loaded
> from the 2003 Resource Kit on my 2003 server (Attempted on 2000
> server as well). Both servers are fully patched.
>
> 194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
> 194.126.18.99 "NT_DOMAIN \0x1b" #PRE
> # IP Address "123456789012345*7890"
>
> nbtstat -R
> nbtstat -c
>
> results
> PDC_NT <03> UNIQUE 194.126.18.99 -1
> PDC_NT <00> UNIQUE 194.126.18.99 -1
> PDC_NT <20> UNIQUE 194.126.18.99 -1
> NT_DOMAIN <1C> GROUP 194.126.18.99 -1
> NT_DOMAIN <1B> UNIQUE 194.126.18.99 -1
>
> When I attempt to connect, I get the error "Cannot find the Primary
> DC for NT_DOMAIN. You may administer this domain, but certain
> domain-wide operations will be disabled."
>
>
> Is there some issue with NTLM on my servers that are disabled due to
> patching/policies? How can I track this down. I'm just plain
> stumped?[/color]
Set the workaround shown in this link to disable SMB Signing ('always' to
'disabled'), then run:
gpupdate /force.
811497 - Error Message When Windows 95 or Windows NT 4.0 Client Logs On to
Windows Server 2003 Domain:
[url]http://support.microsoft.com/?id=811497[/url]
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
|
I appreciate the effort but it is my 2003 server that can't connect to an NT 4.0 PDC. -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Ace Fekay [MVP]" wrote in
message news:uGryCz14FHA.3136@TK2MSFTNGP09.phx.gbl...[color=blue]
> In news:O1pI3TW4FHA.1420@TK2MSFTNGP09.phx.gbl,
> Paul Bergson made this post, which I then
> commented about below:[color=green]
>> I'm stumped. I have an NT4 domain without any type of trust. I'm
>> attempting to run User Manager or Server Manager to attach to this
>> domain. So far I have had no success.
>>
>> I have attached to the remote domain via share connection and
>> authenticated. I then attempt to run User Manager that I have loaded
>> from the 2003 Resource Kit on my 2003 server (Attempted on 2000
>> server as well). Both servers are fully patched.
>>
>> 194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
>> 194.126.18.99 "NT_DOMAIN \0x1b" #PRE
>> # IP Address "123456789012345*7890"
>>
>> nbtstat -R
>> nbtstat -c
>>
>> results
>> PDC_NT <03> UNIQUE 194.126.18.99 -1
>> PDC_NT <00> UNIQUE 194.126.18.99 -1
>> PDC_NT <20> UNIQUE 194.126.18.99 -1
>> NT_DOMAIN <1C> GROUP 194.126.18.99 -1
>> NT_DOMAIN <1B> UNIQUE 194.126.18.99 -1
>>
>> When I attempt to connect, I get the error "Cannot find the Primary
>> DC for NT_DOMAIN. You may administer this domain, but certain
>> domain-wide operations will be disabled."
>>
>>
>> Is there some issue with NTLM on my servers that are disabled due to
>> patching/policies? How can I track this down. I'm just plain
>> stumped?[/color]
>
> Set the workaround shown in this link to disable SMB Signing ('always' to
> 'disabled'), then run:
> gpupdate /force.
>
> 811497 - Error Message When Windows 95 or Windows NT 4.0 Client Logs On to
> Windows Server 2003 Domain:
> [url]http://support.microsoft.com/?id=811497[/url]
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> If this post is viewed at a non-Microsoft community website, and you were
> to respond to it through that community's website, I may not see your
> reply unless that website posts replies back to the original Microsoft
> forum. Therefore, please direct all replies ONLY to the Microsoft public
> newsgroup this thread originated in so all can benefit or ensure the web
> community posts it back to the original forum.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Windows Server Directory Services
> Microsoft Certified Trainer
> Infinite Diversities in Infinite Combinations.
> =================================
>[/color]
|
In news:ud13d3J5FHA.3976@TK2MSFTNGP15.phx.gbl, Paul Bergson made this post, which I then
commented about below:[color=blue]
> I appreciate the effort but it is my 2003 server that can't connect
> to an NT 4.0 PDC.[/color]
Sorry to hear. I may suggest to create a trust and try it just to see if
that works.
Ace
|
Actually that is my goal. I was hoping to get this working first. -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Ace Fekay [MVP]" wrote in
message news:OJXb1GP5FHA.3876@TK2MSFTNGP09.phx.gbl...[color=blue]
> In news:ud13d3J5FHA.3976@TK2MSFTNGP15.phx.gbl,
> Paul Bergson made this post, which I then
> commented about below:[color=green]
>> I appreciate the effort but it is my 2003 server that can't connect
>> to an NT 4.0 PDC.[/color]
>
> Sorry to hear. I may suggest to create a trust and try it just to see if
> that works.
>
> Ace
>
>
>[/color]
|
In news:OdMGkDT5FHA.432@TK2MSFTNGP09.phx.gbl, Paul Bergson made this post, which I then
commented about below:[color=blue]
> Actually that is my goal. I was hoping to get this working first.[/color]
I'm not sure, and haven't tested it out, but I believe this may be a chicken
before the egg issue, if you know what I mean.
Ace
|
It is so weird having to go back so far to get this company into our wan. -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Ace Fekay [MVP]" wrote in
message news:uojuBCY5FHA.1248@TK2MSFTNGP14.phx.gbl...[color=blue]
> In news:OdMGkDT5FHA.432@TK2MSFTNGP09.phx.gbl,
> Paul Bergson made this post, which I then
> commented about below:[color=green]
>> Actually that is my goal. I was hoping to get this working first.[/color]
>
> I'm not sure, and haven't tested it out, but I believe this may be a
> chicken before the egg issue, if you know what I mean.
>
> Ace
>[/color]
|
My network guy fessed up to blocking ports 137 and 138. I got them open and whah lah... -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Paul Bergson" wrote in message
news:upVwvwf5FHA.4076@tk2msftngp13.phx.gbl...[color=blue]
> It is so weird having to go back so far to get this company into our wan.
>
> --
>
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "Ace Fekay [MVP]"
> wrote in
> message news:uojuBCY5FHA.1248@TK2MSFTNGP14.phx.gbl...[color=green]
>> In news:OdMGkDT5FHA.432@TK2MSFTNGP09.phx.gbl,
>> Paul Bergson made this post, which I then
>> commented about below:[color=darkred]
>>> Actually that is my goal. I was hoping to get this working first.[/color]
>>
>> I'm not sure, and haven't tested it out, but I believe this may be a
>> chicken before the egg issue, if you know what I mean.
>>
>> Ace
>>[/color]
>
>[/color]
|
In news:%23XIHRxj5FHA.2036@TK2MSFTNGP14.phx.gbl, Paul Bergson made this post, which I then
commented about below:[color=blue]
> My network guy fessed up to blocking ports 137 and 138. I got them
> open and whah lah...[/color]
Don't you hate when that happens?
:-)
Cheers!
Ace
|
It's always the same. The comms team ping something, get a reply and then
slope their shoulders!
Why do we need them?
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
[url]http://www.msresource.net[/url] | [url]http://forums.msresource.net[/url]
|
To make us miserable. We just had an org change, the boys from networking are getting rolled up into our group. Sad thing is who do we get to point the finger at now? : ) -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Paul Williams [MVP]" wrote in message
news:1131716932.229101@ernani.logica.co.uk...[color=blue]
> It's always the same. The comms team ping something, get a reply and then
> slope their shoulders!
>
> Why do we need them?
>
> --
> Paul Williams
> Microsoft MVP - Windows Server - Directory Services
> [url]http://www.msresource.net[/url] | [url]http://forums.msresource.net[/url]
>
>[/color]
|
In news:uzYWxgs5FHA.2888@tk2msftngp13.phx.gbl, Paul Bergson made this post, which I then
commented about below:[color=blue]
> To make us miserable. We just had an org change, the boys from
> networking are getting rolled up into our group. Sad thing is who do
> we get to point the finger at now? : )[/color]
At each other!
:-)
At least they'll maybe now see what you guys actually do when things go
wrong.
Ace
|
"" wrote:[color=blue]
> I'm stumped. I have an NT4 domain without any type of trust.
> I'm
> attempting to run User Manager or Server Manager to attach to
> this domain.
> So far I have had no success.
>
> I have attached to the remote domain via share connection and
> authenticated.
> I then attempt to run User Manager that I have loaded from the
> 2003 Resource
> Kit on my 2003 server (Attempted on 2000 server as well).
> Both servers are
> fully patched.
>
> 194.126.18.99 PDC_NT #PRE #DOM:NT_DOMAIN
> 194.126.18.99 "NT_DOMAIN > # IP Address "123456789012345*7890"
>
> nbtstat -R
> nbtstat -c
>
> results
> PDC_NT <03> UNIQUE 194.126.18.99
> -1
> PDC_NT <00> UNIQUE 194.126.18.99
> -1
> PDC_NT <20> UNIQUE 194.126.18.99
> -1
> NT_DOMAIN <1C> GROUP 194.126.18.99
> -1
> NT_DOMAIN <1B> UNIQUE 194.126.18.99
> -1
>
> When I attempt to connect, I get the error "Cannot find the
> Primary DC for
> NT_DOMAIN. You may administer this domain, but certain
> domain-wide
> operations will be disabled."
>
>
> Is there some issue with NTLM on my servers that are disabled
> due to
> patching/policies? How can I track this down. I'm just plain
> stumped?
>
> --
>
>
> Paul
>
> cross posted
> microsoft.public.windows.server.active_directory
>
> microsoft.public.win2000.active_directory[/color]
don’t you have WINS ip addresses configured on the server so a WINS
servers can provide services for NetBIOS nameresolution and
registration?
or are you just using lmhosts on that server?
look at:
http://support.microsoft.com/kb/q150800/
to see how to configure lmhosts
--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/2003-Connection-attempt-NT4-domain-ftopict441069.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1488598
|
|
|
|