Re: Problem with domain trust after W2003SP1 upgrade
From: Christian Stinakovits via WinServerKB.com (forum_at_WinServerKB.com)
Date: 04/15/05
Date: Fri, 15 Apr 2005 16:26:54 GMT
Currently I have a Case running with MS about this .. read on here:
_____________________________________________________________________
Trust verify in Domains and Trusts MMC snapin or NLTEST.EXE fail,
Error message: "The remote procedure call failed and did not execute"
Cause
Win2k3 SP1 added a new RPC element called Bind Time Feature Negotiation.
The new element provides a method for clients and servers to discover and
negotiate their capabilities during bind time as opposed to the first
request after a bind.
Because this is a new RPC element, it may not be recognized by firewalls,
routers or ISA Server 200x. If the traffic is not recognized, the firewall,
router or ISA Server will drop the new RPC bind request frames. As a result
any operation that requires an RPC bind may now fail with RPC errors. Some
RPC dependent operations that may fail are:
Resolution
ISA 2000 - Apply SP2 for ISA 2000
ISA 2004 - Apply SP1 for ISA 2004
Third Party Firewall or Router - Investigate if the device supports Bind
Time Feature Negotiation.
After Installing Service Pack 1 on 2003, Domain trust fails. Tests show a
failure in RPC traffic.
Resolution
This is because Windows 2003 SP1 includes a new feature called "Bind Time
Feature negotiation". ISA does not support this feature. This is fixed in
ISA 2004 SP1. Installing this service pack will allow the RPC traffic to
work.
Other workarounds.
1. Use IPSEC between DCs,
2. Disable "Enforce strict RPC compliance". Instructions below:
In the console tree of ISA Server Management, click Firewall Policy.
Where?
Microsoft ISA Server 2004
Server_Name
Firewall Policy
In the details pane, click any access rule that applies to remote procedure
call (RPC) traffic.
On the Tasks tab, click Edit Selected Rule.
On the Protocols tab (for an access rule), click Filtering, and then click
Configure RPC protocol.
On the Protocol tab, select Enforce strict RPC compliance, if no RPC
protocols should be allowed.
__________________________________________________________________
Another solution that also worked is to uninstall SP1.
bye
Chris
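
To see whether a firewall or router is dropping the new bind element, captures taken on each side of the device can be compared for its presence. The following is an added example, not part of the original post or of the quoted Microsoft text: it parses a DCE/RPC bind PDU and reports any Bind Time Feature Negotiation context element. The transfer-syntax prefix comes from the MS-RPCE specification; the sample PDU and its interface UUID are constructed, and reading the feature bitmask as a little-endian integer is an assumption.

```python
import struct
import uuid

# Wire bytes (little-endian data representation) of the fixed prefix
# 6cb71c2c-9812-4540 that MS-RPCE assigns to the bind time feature
# negotiation transfer syntax; the UUID's last 8 bytes carry the bitmask.
BTFN_PREFIX = bytes.fromhex("2c1cb76c12984045")
NDR20 = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
PTYPE_BIND = 11


def btfn_contexts(pdu: bytes):
    """Return [(context_id, feature_bitmask)] for BTFN elements in a bind PDU."""
    if len(pdu) < 28:
        raise ValueError("too short for a bind PDU")
    if pdu[0] != 5 or pdu[2] != PTYPE_BIND:
        raise ValueError("not a connection-oriented bind PDU")
    if (pdu[4] & 0xF0) != 0x10:
        raise ValueError("only little-endian PDUs are handled here")
    frag_len = struct.unpack_from("<H", pdu, 8)[0]
    if frag_len > len(pdu):
        raise ValueError("truncated capture")
    off, found = 28, []                      # presentation context list starts here
    for _ in range(pdu[24]):                 # n_context_elem
        if off + 24 > frag_len:
            raise ValueError("context element overruns fragment")
        ctx_id, n_syn = struct.unpack_from("<HB", pdu, off)
        off += 24                            # element header + abstract syntax
        for _ in range(n_syn):
            if off + 20 > frag_len:
                raise ValueError("transfer syntax overruns fragment")
            if pdu[off:off + 8] == BTFN_PREFIX:
                found.append((ctx_id, int.from_bytes(pdu[off + 8:off + 16], "little")))
            off += 20
    return found


def sample_bind(with_btfn: bool) -> bytes:
    """Constructed bind PDU; the interface UUID is a placeholder."""
    iface = uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le + struct.pack("<HH", 1, 0)
    elems = [struct.pack("<HBB", 0, 1, 0) + iface + NDR20.bytes_le + struct.pack("<I", 2)]
    if with_btfn:
        btfn = BTFN_PREFIX + bytes([3, 0, 0, 0, 0, 0, 0, 0]) + struct.pack("<I", 1)
        elems.append(struct.pack("<HBB", 1, 1, 0) + iface + btfn)
    body = struct.pack("<HHIBBH", 4280, 4280, 0, len(elems), 0, 0) + b"".join(elems)
    hdr = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 3, b"\x10\x00\x00\x00", 16 + len(body), 0, 1)
    return hdr + body
```

A bind that shows the element on the client side of the device but never arrives on the server side matches the failure described in the post.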