[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Why Trust Relationship not Working

Posted on 2004-11-24
5
Medium Priority
?
251 Views
Last Modified: 2010-04-10
My company has 2 main offices, one in the United States and one in Europe.  They are in different domains and obviously on different subnets, but they are connected via frame relay.  Let's assume teh US office is Domain A and the Europe office is Domain B.  Basically whenever I access a resource in the other domain it asks me to validate myself, I have an account in each domain and so i log in accordingly and it works fine.  We have one mail server(Exchange 5.5) which sits in the US office, under Domain A.  When a new user is added to the Europe office we have to set them up with a network account both on their domain and the one here and when I add their mailbox I link it to the US account b/c there is no trust relationship setup and thus can't see it.  Basically when I setup their Outlook client over in Europe it works fine but Outlook asks them to first validate themselves on Domain A before it opens up.  This works fine and is not a problem however we wanted to finally setup up a trust between the domains.  I went ahead and setup a bi-directional, or 2 way trust between domains which validated and seemed to work fine b/c now when a user on the Europe side(Domain B) opens up Outlook it no longer asks them to validate and opens right up which is great, except mail does not work.  They can't send or receive.  I assume this is b/c their mailbox is linked to the US account(Domain B).  The problem is when I go to link their mailbox in Exchange to their Domain B account I can not.  The domain itself shows up however when I click on it it sits for a bit then comes up with the error, "unable to browse the selected domain because the following error occured:
The list of servers for this workgroup is not currenly available."  I could really use some help on this one.  Thanks in advance!

0
Comment
Question by:jshb
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:Jared Luker
ID: 12669442
Back in the day when my work had about a thousand different domains, it made life a lot easier if the username AND password were exactly the same on both side.  If that was the case, once the trust relationship was set up, the user did not have to re-authenticate in order to access resources in the other domain.

Jared
0
 
LVL 17

Expert Comment

by:Jared Luker
ID: 12669457
Just to clearify, I was talking about having the username in the US and EU be the same, and then the passwords to match as well.  I didn't mean that the password had to be the same as the username (just in case that's how you read it).
0
 

Author Comment

by:jshb
ID: 12669505
yes i do have the user names and passwords the same.  The reason I setup the trust was so they no longer would have to authenticate, and like i said it seemed to work b/c outlook did not ask them to authenticate anymore but i think the problem had to do with how the exchange mailbox was linked to the Domain A account and though I now get the choice to choose Domain B from within Exchange, it can't bring up the users due to the error i gave above.  It seems like the general trust is in place and working but that the domain controller in each domain are not communicating or something.  In case I forgot to mention it before both domains run Server 2000, SP 4.  
0
 
LVL 17

Accepted Solution

by:
Jared Luker earned 1500 total points
ID: 12669819
it sounds like it might be a permissions issue.  Now that you have the trust established, you should be able to start to use groups.  Create a group and add the users from the other domain to it, and then give rights to the group.  Try it on a folder for testing purposes.
0
 

Author Comment

by:jshb
ID: 12669839
Did that, well not on a folder but I went in to Active Directory on the DC from Domain A and added the domain admins group from Domain B to the admin group in Domain A so it definitely sees both sides.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question