Announcement

**cmccullough** · 01-20-2003, 07:08 AM

Re: Adding W2K AD Domain

What is the exact error you are getting? Also, what did you enter when creating this domain entry?

**Guest** · 01-21-2003, 03:31 AM

Re: Adding W2K AD Domain

While adding my 2nd W2K AD domain I get the followimg error...

Unable to access Active Directory Path
LDAP://itscitrixprod Logon Failure: unkown username or bad password --Extended Error--- LDAP Provider :8009030c: LdapErr SID-0c0903e2, Comment AcceptSecurityContext error, data0 v893

**cmccullough** · 01-21-2003, 05:02 AM

Re: Adding W2K AD Domain

This sounds like you aren't authenticating in that domain for some reason. Hyena doesn't have any control over this, but rather depends on Windows to manage it.

**Guest** · 01-22-2003, 01:02 AM

Re: Adding W2K AD Domain

I'm using hyena to manage four NT 4 domains and 1 Win 2K AD domain with no probs.... Can't understand why I can't add the 2nd Win 2K AD.
I've rebuilt it three times now.... same prob every time.

**cmccullough** · 01-22-2003, 04:58 AM

Re: Adding W2K AD Domain

Are you able to administer it from MMC on your computer?

**Guest** · 01-22-2003, 11:42 PM

Re: Adding W2K AD Domain

yea I can use the MMC ..... I given up on it now

**Guest** · 01-23-2003, 07:34 AM

Re: Adding W2K AD Domain

I have the same problem as well with 2 of my 4 AD domains. I can't get authenticated because I can't see the servers in Hyena to logon to. No servers - no logon; no logon - no servers. Catch 22.

In my case, my workstation is logged onto an NT 4.0 domain, but I can still administer the 2 AD domains that are local to my site. The remote AD domains refuse to let me browse the domain so I can log in. I can see the members of the domain in Windows Explorer.

**cmccullough** · 01-23-2003, 07:59 AM

Re: Adding W2K AD Domain

As a test, go to File->Manage Object View and click the New button. Change the Type drop-down to Windows 2000 Domain Controller, then enter the Name and Computer Path for a domain controller in one of these problem domains.

Click Add and then OK. You should now see the new object that you added. Right-click on it and choose Logon As, and supply credentials for that domain.

If you get no errors, see if you are able to expand it and manage the controller. If that works, try expanding the domain object again and see if it lets you expand it.

**Guest** · 01-23-2003, 08:43 AM

Re: Adding W2K AD Domain

This changed the error from the one above to "The security could not be established due a failure in the requested quality of service (e.g., mutual authentication or delegation)." the first time I tried to acces the Servers container. The second time I got: "Unable to access Active Directory path LDAP://x.x.x.x. Unknown username or pad password." with an extended error after it.

I know I'm authenticated on the one server because I can connect to the registry on the that server.

**cmccullough** · 01-23-2003, 02:14 PM

Re: Adding W2K AD Domain

Apparently, the Logon As option does not really work for Windows 2000 as it does other authentication mechanisms.

At this point, the only option would be to use an account with the same username/password as what you are logged in with.

Microsoft has not really put into place a method to authenticate externally to Active Directory.