Trust relationship failing between 2003 and 2000 servers

I have 2 new Windows 2003 member servers in a Windows 2000 domain. I was
having some issues with Front Page where users couldn't logon using domain
user accounts so I popped the hood, so to speak.
Netdiag says the following:
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Failed
'ONLINE': No DCs are up.
Trust relationship test. . . . . . : Failed
'ONLINE': No DCs are up (Cannot run test).
[FATAL] Secure channel to domain 'ONLINE' is broken.
[ERROR_NO_LOGON_SERVERS]
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for
host/ptdata25.online.2000.
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'onlinedc.online.2000'.
[WARNING] Failed to query SPN registration on DC
'onlinedc2.online.2000'.

The 2003 servers were able to join the 200 domain without incident and I can
logon locally as a 2000 domain administrator.
The 2003 servers use the 2000 DC as their DNS server and NSLookup seems to
work fine with this DNS server
However when I try to ping the DC by name I get :
C:\Program Files\Support Tools>ping onlinedc.online.2000
Ping request could not find host onlinedc.online.2000. Please check the name
and
try again.

If I ping by IP it's OK or if a do a ping -a it responds with the correct
name.

I can add domain user acounts to a resource and they appear correctly but
when I click OK or apply the names change to SIDs. Ultimately I cannot
access resources using domain accounts.

Any thoughts ?

Thanks

Paul

Have you attempted to reset the secure channel?
NLTEST /SC_RESET:FQDNofdomain


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"climberpm" <hostmaster@online2000.net> wrote in message
news:ywkDd.34707$NC6.26143@newsread1.mlpsca01.us.to.verio.net...
>I have 2 new Windows 2003 member servers in a Windows 2000 domain. I was
>having some issues with Front Page where users couldn't logon using domain
>user accounts so I popped the hood, so to speak.
> Netdiag says the following:
> DC discovery test. . . . . . . . . : Passed
> DC list test . . . . . . . . . . . : Failed
> 'ONLINE': No DCs are up.
> Trust relationship test. . . . . . : Failed
> 'ONLINE': No DCs are up (Cannot run test).
> [FATAL] Secure channel to domain 'ONLINE' is broken.
> [ERROR_NO_LOGON_SERVERS]
> Kerberos test. . . . . . . . . . . : Failed
> [FATAL] Kerberos does not have a ticket for
> host/ptdata25.online.2000.
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] Failed to query SPN registration on DC
> 'onlinedc.online.2000'.
> [WARNING] Failed to query SPN registration on DC
> 'onlinedc2.online.2000'.
>
> The 2003 servers were able to join the 200 domain without incident and I
> can logon locally as a 2000 domain administrator.
> The 2003 servers use the 2000 DC as their DNS server and NSLookup seems to
> work fine with this DNS server
> However when I try to ping the DC by name I get :
> C:\Program Files\Support Tools>ping onlinedc.online.2000
> Ping request could not find host onlinedc.online.2000. Please check the
> name and
> try again.
>
> If I ping by IP it's OK or if a do a ping -a it responds with the correct
> name.
>
> I can add domain user acounts to a resource and they appear correctly but
> when I click OK or apply the names change to SIDs. Ultimately I cannot
> access resources using domain accounts.
>
> Any thoughts ?
>
> Thanks
>
> Paul
>

Have you attempted to reset the secure channel?
NLTEST /SC_RESET:FQDNofdomain


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"climberpm" <hostmaster@online2000.net> wrote in message
news:ywkDd.34707$NC6.26143@newsread1.mlpsca01.us.to.verio.net...
>I have 2 new Windows 2003 member servers in a Windows 2000 domain. I was
>having some issues with Front Page where users couldn't logon using domain
>user accounts so I popped the hood, so to speak.
> Netdiag says the following:
> DC discovery test. . . . . . . . . : Passed
> DC list test . . . . . . . . . . . : Failed
> 'ONLINE': No DCs are up.
> Trust relationship test. . . . . . : Failed
> 'ONLINE': No DCs are up (Cannot run test).
> [FATAL] Secure channel to domain 'ONLINE' is broken.
> [ERROR_NO_LOGON_SERVERS]
> Kerberos test. . . . . . . . . . . : Failed
> [FATAL] Kerberos does not have a ticket for
> host/ptdata25.online.2000.
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] Failed to query SPN registration on DC
> 'onlinedc.online.2000'.
> [WARNING] Failed to query SPN registration on DC
> 'onlinedc2.online.2000'.
>
> The 2003 servers were able to join the 200 domain without incident and I
> can logon locally as a 2000 domain administrator.
> The 2003 servers use the 2000 DC as their DNS server and NSLookup seems to
> work fine with this DNS server
> However when I try to ping the DC by name I get :
> C:\Program Files\Support Tools>ping onlinedc.online.2000
> Ping request could not find host onlinedc.online.2000. Please check the
> name and
> try again.
>
> If I ping by IP it's OK or if a do a ping -a it responds with the correct
> name.
>
> I can add domain user acounts to a resource and they appear correctly but
> when I click OK or apply the names change to SIDs. Ultimately I cannot
> access resources using domain accounts.
>
> Any thoughts ?
>
> Thanks
>
> Paul
>

Have you attempted to reset the secure channel?
NLTEST /SC_RESET:FQDNofdomain


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"climberpm" <hostmaster@online2000.net> wrote in message
news:ywkDd.34707$NC6.26143@newsread1.mlpsca01.us.to.verio.net...
>I have 2 new Windows 2003 member servers in a Windows 2000 domain. I was
>having some issues with Front Page where users couldn't logon using domain
>user accounts so I popped the hood, so to speak.
> Netdiag says the following:
> DC discovery test. . . . . . . . . : Passed
> DC list test . . . . . . . . . . . : Failed
> 'ONLINE': No DCs are up.
> Trust relationship test. . . . . . : Failed
> 'ONLINE': No DCs are up (Cannot run test).
> [FATAL] Secure channel to domain 'ONLINE' is broken.
> [ERROR_NO_LOGON_SERVERS]
> Kerberos test. . . . . . . . . . . : Failed
> [FATAL] Kerberos does not have a ticket for
> host/ptdata25.online.2000.
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] Failed to query SPN registration on DC
> 'onlinedc.online.2000'.
> [WARNING] Failed to query SPN registration on DC
> 'onlinedc2.online.2000'.
>
> The 2003 servers were able to join the 200 domain without incident and I
> can logon locally as a 2000 domain administrator.
> The 2003 servers use the 2000 DC as their DNS server and NSLookup seems to
> work fine with this DNS server
> However when I try to ping the DC by name I get :
> C:\Program Files\Support Tools>ping onlinedc.online.2000
> Ping request could not find host onlinedc.online.2000. Please check the
> name and
> try again.
>
> If I ping by IP it's OK or if a do a ping -a it responds with the correct
> name.
>
> I can add domain user acounts to a resource and they appear correctly but
> when I click OK or apply the names change to SIDs. Ultimately I cannot
> access resources using domain accounts.
>
> Any thoughts ?
>
> Thanks
>
> Paul
>