Your question, your audience. Choose who sees your identity—and your question—with question security.
Solved
Set up a trust between two 2003 domains
Posted on 2006-07-18
I am trying to set up a trust between two Sever 2003 domains. I have full control over both, and each server is sitting here with me. I have DNS up and running on both, (maybe improperly configured), and I can ping each from the other by name and IP. Here's my problem: When setting up the trust, I get to the point where you are prompted to enter the domain name. I enter, a couple seconds go bu, and the next screen comes up saying "The name you specified is not a valid Windows domain name". What gives?
Some helpful info for answers:
1.) I can reload one, or both machines, if necessary.
2.) I can uninstall AD, or DNS, or do whatever else might be needed to get this working.
3.) Step-by-step instructions would be nice. I have two MS guides that I have followed, but keep getting stuck at the same point. I also look over this site before posting, but didn't find anything that helped me.
Some helpful info for answers:
1.) I can reload one, or both machines, if necessary.
2.) I can uninstall AD, or DNS, or do whatever else might be needed to get this working.
3.) Step-by-step instructions would be nice. I have two MS guides that I have followed, but keep getting stuck at the same point. I also look over this site before posting, but didn't find anything that helped me.
-
6
-
5
11 Comments
Active today
Make sure the machines in both domains are using *only* their own DCs/DNS servers as DNS servers in TCP/IP (no ISP DNS, no DNS of the other domain!).
In domain A, create a secondary zone for domain B, allow zone transfers to domain A's DNS in domain B.
In domain B, create a secondary zone for domain A, allow zone transfers to domain B's DNS in domain A.
Let the zones replicate, create the trust using the FQDN names of the domains (not the NetBIOS names).
In domain A, create a secondary zone for domain B, allow zone transfers to domain A's DNS in domain B.
In domain B, create a secondary zone for domain A, allow zone transfers to domain B's DNS in domain A.
Let the zones replicate, create the trust using the FQDN names of the domains (not the NetBIOS names).
Both domains are using the server's IP for DNS.
I tried to create the secondary zones, but get the error message: "Zone not loaded by DNS server" and a red x appears when I click on the new zone.
Is there a chance my initial DNS settings are not correct, and *that* is what causing the issues? I remember this being relatively simple the last time I did it....
I tried to create the secondary zones, but get the error message: "Zone not loaded by DNS server" and a red x appears when I click on the new zone.
Is there a chance my initial DNS settings are not correct, and *that* is what causing the issues? I remember this being relatively simple the last time I did it....
Active today
If the zone can't be loaded, it's likely that zone transfers for the zones aren't allowed. Check that in the properties of the zones, zone transfers to the secondary DNS server are allowed.
Nothing concrete in the event logs. Just reiterations of the errors I'm getting.
One domain is behind a Linksys RV082, with ports opened for VPN, RDP, and ICMP
The other is behind a Netgear FVS328, with only the most basic modifications from default settings.
Does that help?
One domain is behind a Linksys RV082, with ports opened for VPN, RDP, and ICMP
The other is behind a Netgear FVS328, with only the most basic modifications from default settings.
Does that help?
Active today
I'm assuming you have a VPN between domain A and domain B? Any ports blocked there (especially 53 for DNS)?
In domain A, can you run
nslookup fqdn.of.some.machine.in.do
(for example "nsloookup dcb.domainb.local 192.168.2.1")
Do the same for domain B.
If that works, you can try it with conditional forwarding for each domain (in the forwarders tab).
In domain A, can you run
nslookup fqdn.of.some.machine.in.do
(for example "nsloookup dcb.domainb.local 192.168.2.1")
Do the same for domain B.
If that works, you can try it with conditional forwarding for each domain (in the forwarders tab).
Okay, I set up the VPN's and followed your further instructions. I am still getting the same error on both machines. Maybe I should start over. Only one of the domains has been functioning, they other one is new. However, I could uninstall DNS on each, if that's where the problem lies. I can even reload one DC, or both, if need be. Can you explain to me how this should be set up, from the beginning?
Active today
Unless you have serious problems (check the event logs), there should be no need to reinstall those domains. DNS usually can be fixed without reinstalling.
Here are some general links on how to configure DNS in an AD domain:
10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515
SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861
What you need to create a trust is a two-sided full name resolution for the two domains. This can either happen with a replicated secondary zone (a bit faster) or conditional forwarding. Either requires allowing connection to port 53 in the other domain.
The first thing to get to work is a manual lookup of dns names in the other domain using nslookup as described above.
Here are some general links on how to configure DNS in an AD domain:
10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?EditorialsID=413
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515
SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861
What you need to create a trust is a two-sided full name resolution for the two domains. This can either happen with a replicated secondary zone (a bit faster) or conditional forwarding. Either requires allowing connection to port 53 in the other domain.
The first thing to get to work is a manual lookup of dns names in the other domain using nslookup as described above.
Featured Post
Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Watch the working video to know how to import Outlook PST/OST files to Amazon WorkMail. Kernel released this tool which is very easy to use and migrate single or multiple PST and OST files to Amazon WorkMail. To know more about Kernel Import PST to …
Watch the software video of Kernel Import PST to Office 365 tools which can easily import PST and OST files to Office 365 for bulk mailboxes. The process of migration is simple and user can map source and destination mailboxes and easily import data…
Suggested Courses
Course of the Month4 days, 7 hours left to enroll
589 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.