Solved

Unable to create trust relationship btwn 2 windows 2000 advanced server

Posted on 2004-08-09
9
752 Views
Last Modified: 2010-04-12
HELP!

I am trying to get my trust relationship to work btwn my existing domain to a newly created one.

While on my current domain controller when i add the trust relationship of the new domain i get the following error:

The newdomainname cannot be contacted.  If this domain is a windows domain, the trust cannot be setup unitl the domain is contacted.  Click canecl and try again later.  If this is an interoperable non-windows Kerberos realm and you want to set up this side of the trust click ok.  

what's wierd is i dont get this msg on the newly created domain.  it just says something about cannnot verify or validate at this time.  another thing, while on the newdc, i can access my currentdc by typing  \\currentdc machine.  accessable only one way - kinda.

i'm checking out article #Q312003 and just added WINS but still nothing.
note1: when trying to ping the newdcname, it returns back w/a different ip than on the actual newdc.
note2:testing the newdc on a virtual server running vmware.

Thanks for any other pointers you may have.

ST
0
Comment
Question by:ststst
  • 5
  • 3
9 Comments
 
LVL 3

Expert Comment

by:_treySter
ID: 11756401
Windows 2000 relies on DNS heavily.  Check your DNS setup on BOTH servers and make sure there are entreis for both host names.
0
 
LVL 22

Expert Comment

by:Paka
ID: 11756589
The problem could be in many places.  As treySter pointed out DNS is the main name resolution system for W2K.  Check and double check DNS to make sure there are no problems.  Your wrong IP could be a manually created A record in your zone.  After that, make sure you don't have any entries in your HOSTS and LMHOSTS files.  Finally, check your WINS to see what it has for registrations.  (Bring up WINS, search for records like the NetBIOS name of your servers (real and VMWare).
0
 

Author Comment

by:ststst
ID: 11756797
Treyster

i tried adding the host to the currentdc's DNS and it defaults to newdc.currentdc.com.  is that the way its supposed to be?  Same issue on newdc.

ST
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:ststst
ID: 11756955
Paka,

WIns on my currentdc shows the newdc w/the wrong ip address.  how can i clear/change the wins ip info?

ST
0
 

Author Comment

by:ststst
ID: 11757018
Paka,
one other note, when i look in wins on the newdc, the currentdc does not show.

ST
0
 
LVL 3

Accepted Solution

by:
_treySter earned 250 total points
ID: 11757383
If they are two different domains then you need an additional forward lookup zone for the newdc on the currentdc's DNS.
0
 

Author Comment

by:ststst
ID: 11757663
I'm assuming i would need to do on both domain/DNS? and also which option to choose, Active dir-integrated, standard primary, or std 2ndary?

thanks.

ST
0
 

Author Comment

by:ststst
ID: 11758063
HEY HEY HEY!!  
Just added forward zone to both using AD integ and it got validated.

thanks so much for your help!!

ST
0
 
LVL 3

Expert Comment

by:_treySter
ID: 11758547
Glad you got it! -_treySter
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question