Parent-Child Trust appears to be failing


  • Parent-Child Trust appears to be failing

    I have a major problem with a sub domain in my Active Directory forest!

    The forest design is essentially

    root.com
    |-sub1.root.com
    | |- sub11.sub1.root.com
    | |- sub12.sub1.root.com
    | |- sub13.sub1.root.com
    |-sub2.root.com
    |-sub3.root.com

    When I try to log into sub1.root.com with the enterprise administrator from root.com I get the error "System could not log you on, make sure your username and domain are correct."

    I'm also having problems replicating Active Directory across this domain.

    I've been able to log into sub11.sub1.root.com by adding a shortcut trust to the root.com!

    I've tried resetting the trust with netdom; this was possible by using the administrator username and password from the subdomain in the user and password options, but this should not be required. This is also the only way I can verify the trust.

    I do not get any problems logging on to the other subdomains!

    I'm now a little stuck as to where to look to find the problems/solution!

    Any pointers would be gratefully received!

  • #2
    Re: Parent-Child Trust appears to be failing

    My first impression was that the domain admin(s) have removed Enterprise Admins permissions from various places, blocking your logon.

    Is _every_ logon failing? locally, network?

    > I'm also having problems replicating Active Directory across this domain

    That is worrying. Perhaps there is something wrong with the DNS in that child domain. If that domain can no longer find the forest root that would explain everything.


    • #3
      Re: Parent-Child Trust appears to be failing

      What I find strange looking at replmon.

      Configuration and Schema will not replicate from the sub domain to the master due to Access Denied errors, but ForestDNSZones will. Also, the root domain DC can replicate to the subdomain DC for all these.

      Also I have a DC for the sub domain on the same site as the PDC Master for the root domain and I can login as the Enterprise Admin.

      So I'm assuming it must be a network issue.

      I'm going to blow away the two dodgy DCs and build two more on this site and see how we go!

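The pattern reported in post #3 (Configuration and Schema failing with access denied from the sub-domain DC to the root DC, while ForestDNSZones and the reverse direction succeed) can be pulled out of `repadmin /showrepl * /csv` output mechanically. The following is an added example, not part of the thread: the DC names, site names and CSV rows are constructed, and the column names are assumed to match repadmin's CSV header.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# DC and site names are hypothetical; status 5 is Win32 ERROR_ACCESS_DENIED.
SAMPLE_CSV = '''showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,ROOTDC1,"CN=Configuration,DC=root,DC=com",Branch,SUB1DC1,RPC,14,2024-01-10 09:00:00,2024-01-03 09:00:00,5
showrepl_INFO,HQ,ROOTDC1,"CN=Schema,CN=Configuration,DC=root,DC=com",Branch,SUB1DC1,RPC,14,2024-01-10 09:00:00,2024-01-03 09:00:00,5
showrepl_INFO,HQ,ROOTDC1,"DC=ForestDnsZones,DC=root,DC=com",Branch,SUB1DC1,RPC,0,0,2024-01-10 09:05:00,0
showrepl_INFO,Branch,SUB1DC1,"CN=Configuration,DC=root,DC=com",HQ,ROOTDC1,RPC,0,0,2024-01-10 09:05:00,0
showrepl_INFO,Branch,SUB1DC1,"CN=Schema,CN=Configuration,DC=root,DC=com",HQ,ROOTDC1,RPC,0,0,2024-01-10 09:05:00,0
showrepl_INFO,Branch,SUB1DC1,"DC=ForestDnsZones,DC=root,DC=com",HQ,ROOTDC1,RPC,0,0,2024-01-10 09:05:00,0
'''

def load_links(csv_text):
    """Map (source DC, destination DC) -> {naming context: last failure status}."""
    links = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            continue  # keep only the per-link data rows
        failed = int(row["Number of Failures"]) > 0
        status = int(row["Last Failure Status"]) if failed else 0
        links[(row["Source DSA"], row["Destination DSA"])][row["Naming Context"]] = status
    return links

def one_way_failures(csv_text):
    """Links with failing contexts whose reverse link is present and fully healthy."""
    links = load_links(csv_text)
    findings = []
    for (src, dst), contexts in sorted(links.items()):
        failed = {nc: st for nc, st in contexts.items() if st != 0}
        reverse = links.get((dst, src))
        if failed and reverse and not any(reverse.values()):
            findings.append({
                "source": src, "destination": dst, "failed": failed,
                "healthy": sorted(nc for nc, st in contexts.items() if st == 0),
            })
    return findings

if __name__ == "__main__":
    for f in one_way_failures(SAMPLE_CSV):
        print(f"{f['source']} -> {f['destination']}")
        for nc, st in f["failed"].items():
            print(f"  FAILED  status={st}  {nc}")
        for nc in f["healthy"]:
            print(f"  ok      {nc}")
```

A link that fails in only one direction, and only for some naming contexts, points away from a plain connectivity outage and toward authentication or permissions on that link.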