Remember me writing about not being able to promote a new DC into the forest as an additional DC for an existing domain or as a DC for a new child domain? (read more about it at: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/14/60.aspx)

Well, I found another one!

This time the environment is (again in VMware Workstation 5.x):

W2K3 Forest 1: ADCORP.LAN

1 DC = GC = DNS (pointing to itself)

DC name: ROOTDC01

Default administrator password: adcorp

W2K3 Forest 2: OTHERCORP.LAN

1 DC = GC = DNS (pointing to itself)

DC name: ROOTDC02

Default administrator password: othercorp

 

This time I tried to create an external trust and after that a forest trust...

After I entered the target domain name for the trust it says:

<QUOTE>

Cannot continue

the trust relationship cannot be created because the following error occurred:

The Local Security Authority is unable to obtain an RPC connection to the domain controller <FQDN DC>. Please check that the name can be resolved and that the server is available

</QUOTE>

And again DNS name resolution (no NetBIOS) between both forests was set up with forwarding and it worked!

This time I immediately went for the network trace. This is what I found again:

-------------------------------------

SMB (Server Message Block Protocol)
     SMB Header
          Server Component: SMB
          SMB Command: Session Setup AndX (0x73)
          NT Status: STATUS_LOGON_FAILURE (0xc000006d)     <-------------------------!!!!!!!!!!!!

-------------------------------------
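The same condition can be picked out of captured SMB1 traffic programmatically. The following is an added example, not part of the original post: it parses the fixed 32-byte SMB1 header and flags Session Setup AndX responses that carry STATUS_LOGON_FAILURE. The function names and the sample frames are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_SESSION_SETUP_ANDX = 0x73   # command shown in the trace
STATUS_LOGON_FAILURE = 0xC000006D   # NT status shown in the trace
FLAGS_REPLY = 0x80                  # Flags bit: message is a server response
FLAGS2_NT_STATUS = 0x4000           # Flags2 bit: status field is a 32-bit NT status

def parse_smb1_header(frame: bytes):
    """Return (command, nt_status, is_reply) for one SMB1 message, or None.

    Accepts the message with or without the 4-byte length prefix that
    precedes SMB on TCP port 445."""
    if frame[:1] == b"\x00" and frame[4:8] == SMB1_MAGIC:
        frame = frame[4:]                      # strip transport prefix
    if len(frame) < 32 or frame[:4] != SMB1_MAGIC:
        return None                            # not SMB1, or truncated header
    _, command, status, flags, flags2 = struct.unpack_from("<4sBIBH", frame)
    if not flags2 & FLAGS2_NT_STATUS:
        return None                            # DOS-style error codes, not handled
    return command, status, bool(flags & FLAGS_REPLY)

def is_session_setup_logon_failure(frame: bytes) -> bool:
    """True only for a server reply to Session Setup AndX that failed logon."""
    parsed = parse_smb1_header(frame)
    if parsed is None:
        return False
    command, status, is_reply = parsed
    return (is_reply and command == SMB_COM_SESSION_SETUP_ANDX
            and status == STATUS_LOGON_FAILURE)

def build_sample(command, status, flags=FLAGS_REPLY, flags2=FLAGS2_NT_STATUS):
    """Constructed test frame: 32-byte header, WordCount=0, ByteCount=0."""
    header = struct.pack("<4sBIBH", SMB1_MAGIC, command, status, flags, flags2)
    body = header + bytes(20) + b"\x00\x00\x00"
    return b"\x00" + len(body).to_bytes(3, "big") + body

# Constructed samples, not taken from the capture described in the post
SAMPLE_FAILURE = build_sample(SMB_COM_SESSION_SETUP_ANDX, STATUS_LOGON_FAILURE)
SAMPLE_SUCCESS = build_sample(SMB_COM_SESSION_SETUP_ANDX, 0x00000000)

if __name__ == "__main__":
    for name, frame in (("failure", SAMPLE_FAILURE), ("success", SAMPLE_SUCCESS)):
        print(name, is_session_setup_logon_failure(frame))
```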

I changed the password of one of the default administrators to match the other, and again it worked and I was able to create a trust.

 

I'm still wondering what is causing this...