Weird forest trust / access denied issue
Posted on 2006-04-10
I've just setup a 2nd forest to test disaster recovery procedures for an exchange server. Everything seems ok, but I have one share which I'm unable to access from the test network.
Now I have 2 forests, each containing a single domain. Trusts have been setup in both directions for these domains. I've also configured each DNS server to act as a secondary server for the other domain. Net result: I can assign permissions quite happily to any account on either domain.
Problem: One particular share is inaccessible from the test server. Since this contains the source for exchange 2000 server, this presented a bit of a problem. I've tried adding specific users or groups from the test network onto that share. I've checked share and NTFS permissions. I've even tried adding users from the test network into the users account on that machine. Nothing seems to work. I'm doing all this from the Administrator account on the test network.
Now, bizarely, I've just found that I'm able to access the C$ share. This works for the server giving me problems, and my own machine. So it appears the admin on the test network has domain admin rights on the live network.
This does give me a work around for my problem, but I'd still really, really love to know why I still get an access denied error for this particular share when C$ works fine...