  1. #1


    External Trust authentication issues

    Hi all,

    I am in the process of setting up an External Trust between our Admin and Curriculum Domains. Gone pretty smoothly all in all but I want to be able to use selective authentication on the Admin domain instead of Domain-wide.

    However when I select it and apply, I get the following error:

    "The domain was in the wrong state to perform the security operation."

    On clicking ok, I receive:

    "Unable to write the organization authentication information to the trust object. The error is: The domain was in the wrong state to perform the security operation."

    Anyone experienced this before?

  2. #2
    Oops_my_bad's Avatar
    Are the DCs on both networks 2003? I always get this mixed up, but I think you need your DCs to be running in 2003 forest functional mode... someone will be along shortly to confirm.

  3. #3

    Thanks TeddyKGB,

    This is one thing that I noticed and thought could be a cause. Both DCs are Server 2003 but are currently in Windows 2000 Mixed functional level.

    On the Admin network I have just one DC - 2003 but on the curriculum network I have 3 DCs - PDC is 2003 and the other two are 2000.

    I have up until now resisted pulling the trigger on raising the Domain Functional Level and I'm not sure what effect it will have. Further advice would be great!

    Thanks,

    Charlie.

  4. #4
    Hedghog's Avatar
    Yes indeed, you do need both DCs to be at 2003 functional level to get trusts to work properly.
    I'm not sure how your curriculum AD will react if you put your 2003 server to 2003 level only.
    There are other threads on this subject on this site; if I can find the reference I will post it.

    Peter

  5. #5

    I cannot raise my Curriculum PDC to 2003 function level as I have 2000 DCs on the Domain. The highest it can go is 2000 native (which it is in). However, my Admin PDC is currently set to 2000 mixed - so I can certainly raise the level of that to 2003 functional level because I can't see me adding any other DCs older than Server 2003.

    Are there any pitfalls to be aware of when raising the functional level? I can't see there being a problem as it is the only DC on the Domain but one never knows!! Thought I better check first as it's irreversible!!

  6. #6

    Geoff's Avatar
    Raising the domain and forest functional levels to Windows Server 2003 is a nonreversible task and prohibits the addition of Windows NT 4.0–based or Windows 2000–based domain controllers to the environment. Any existing Windows NT 4.0 or Windows 2000–based domain controllers in the environment will no longer function.

  7. #7
    Hedghog's Avatar

    Hi rusty155

    When I was setting up a similar trust I could not get it to work unless both DCs involved in the trust were at 2003 functional level.
    I may be wrong but since SP1 the only way you can do this is if the above is set up.
    Sorry!

  8. #8
    Julian's Avatar
    You do NOT need both domains to be at the same active directory level, I have a one way trust set up between a Win 2003 active directory domain, and a Win2k active directory domain.

    According to my tome (Mastering Windows Server 2003 by Mark Minasi) the usual problem in setting up trusts is due to DNS not working between the two domains. Certainly my experience was that I could not get the trust to work, until I got them to see each other in DNS.

  9. #9

    Hi, thanks for the replies - perhaps I wasn't clear enough though.

    I have got the trust working fine - I just can't get the selective authentication working. Get the following error when I try to enable it:

    "The domain was in the wrong state to perform the security operation."

    Anyone come across this?

  10. #10

    Geoff's Avatar
    I suspect it's either a time sync problem or a DNS error. Can you check these are working ok?
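
The two checks suggested in the last reply (DNS and time sync), as an added example that is not part of the original thread: run from a DC on each side of the trust, it confirms the other domain's DC locator SRV records resolve and that clock offset to each DC is within the default 5-minute Kerberos tolerance. The domain names are hypothetical placeholders.

```powershell
# Added example. Domain names below are hypothetical placeholders.
$domains        = 'admin.example.local', 'curriculum.example.local'
$maxSkewSeconds = 300   # default Kerberos clock-skew tolerance (5 minutes)

foreach ($domain in $domains) {
    Write-Host "== $domain =="

    # DNS: the DC locator SRV record for the domain must resolve from this machine.
    $lookup = nslookup.exe -type=SRV "_ldap._tcp.dc._msdcs.$domain" 2>$null
    $dcs = @($lookup | Select-String 'svr hostname\s*=\s*(\S+)' |
             ForEach-Object { $_.Matches[0].Groups[1].Value } |
             Sort-Object -Unique)
    if ($dcs.Count -eq 0) {
        Write-Warning "No DC SRV records found for $domain; check DNS between the domains first."
        continue
    }

    foreach ($dc in $dcs) {
        # Time: sample the offset between this machine and the DC three times.
        $samples = w32tm.exe /stripchart "/computer:$dc" /samples:3 /dataonly 2>$null
        $offsets = @($samples | Select-String ',\s*([+-]\d+\.\d+)s' |
                     ForEach-Object { [math]::Abs([double]$_.Matches[0].Groups[1].Value) })
        if ($offsets.Count -eq 0) {
            Write-Warning "$dc : no time samples returned (host unreachable or NTP blocked)"
            continue
        }
        # Report the worst sample and flag it if it exceeds the tolerance.
        $worst = ($offsets | Measure-Object -Maximum).Maximum
        $state = if ($worst -gt $maxSkewSeconds) { 'SKEW TOO LARGE' } else { 'ok' }
        '{0} : max offset {1:N3}s [{2}]' -f $dc, $worst, $state
    }
}
```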


