Solved

Domain Trusting

Posted on 2006-11-02
Last Modified: 2008-01-09
Hi, Experts

We currently have 1 forest, 1 domain and 2 domain controllers; both DCs are using Windows Server 2000.
We just bought a new server with Windows Server 2003 R2, and we want to create a new domain in the same forest
and create a two-way trust relationship. After I installed Windows 2003 R2 on the new computer,
I promoted it to a DC with DNS and DHCP running. Then I tried to create a trust relationship, and it said successful.
Now when I try to verify it on SERVER2, it says "The secure channel reset on DC of SERVER1 of domain DOMAIN1 to DOMAIN2
failed with error: there are currently no logon service available to service the logon request." Now it gives me the option to reset the trust password or not.
I tried to reset it, and it still says "The trust cannot be repaired because there are currently no logon server available to service the logon request."

When I try to log in from a workstation, I now see DOMAIN1 and DOMAIN2 to choose from.
If I choose DOMAIN2 (the new one that we created), it says the domain is not available.

Please advise what I should do.
Thank you
Question by:npanprome
3 Comments
 
LVL 5

Accepted Solution

by:
MarkusKolbeck earned 500 total points
ID: 17865081
First, the trust relationships between domains in the same forest are always created - in both ways.
So, you needn't create the trust relationship manually as it is already in place (in the same forest).

I guess you have a DNS issue here.

Make sure that DNS name resolution works.

The DNS server hosting the DNS zone for the "forest root domain" (it is the W2K domain, I assume) must be available for all domain controllers (those in the root domain (W2K) and the W2K3 R2 domain).

Try the following:
- designate a single DNS Server (no matter which one)
____________________________________
IF NOT ALREADY CONFIGURED:
- create a dynamic dns zone with the name of your root domain (allow dynamic updates) on that server

- In case you created a sub domain:
    - create a new sub domain DNS zone underneath the root DNS zone with the name of your sub domain (allow dynamic updates) on that server
- In case you created a new tree:
    - create a new DNS zone with the name of your other domain (allow dynamic updates) on that server

- make sure that the subfolders are deleted (you can create them later automatically):
   _msdcs
   _sites
   _tcp
   _udp
____________________________________

- configure the TCP/IP settings of all DCs to use that domain controller as primary DNS server
    - make sure that the TCP/IP settings are set to register with DNS and the name resolution uses the primary DNS suffix and parent DNS suffixes

- run an "ipconfig /registerdns" on all DCs and make sure they are added to the zone (if not, create them manually)

- restart the "netlogon" service on all DCs and make sure the DNS subfolders are created automatically
   _msdcs
   _sites
   _tcp
   _udp

- configure your domain clients to use that designated DNS server

Let me know if that helps.

ATB
Markus
0
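A way to check the result of the DNS steps in the accepted answer, as an added example that is not part of the thread: it asks the designated DNS server for one DC-locator SRV record from each subfolder Netlogon creates (_msdcs, _sites, _tcp, _udp) in every domain. The domain names, DNS server address and site name are placeholders, and it assumes a management host with `Resolve-DnsName` (Windows 8 / Server 2012 or later) and `nltest` available.

```powershell
# Added example (not from the thread). All names and addresses are placeholders.
param(
    [string]   $DnsServer  = '192.0.2.10',         # the single designated DNS server
    [string]   $ForestRoot = 'domain1.example',    # forest root domain
    [string[]] $Domains    = @('domain1.example', 'domain2.example'),
    [string]   $Site       = 'Default-First-Site-Name'
)

# One representative SRV record from each subfolder Netlogon creates.
function Get-LocatorRecordNames {
    param([string]$Domain, [string]$ForestRoot, [string]$Site)
    @(
        "_ldap._tcp.dc._msdcs.${Domain}"          # _msdcs: domain controllers
        "_ldap._tcp.pdc._msdcs.${Domain}"         # _msdcs: PDC emulator
        "_ldap._tcp.gc._msdcs.${ForestRoot}"      # _msdcs: global catalogs
        "_ldap._tcp.${Site}._sites.${Domain}"     # _sites
        "_kerberos._tcp.${Domain}"                # _tcp
        "_kerberos._udp.${Domain}"                # _udp
    )
}

# Query the designated server directly, DNS only (no LLMNR/NetBIOS fallback).
function Test-LocatorRecords {
    param([string]$Domain, [string]$ForestRoot, [string]$Site, [string]$DnsServer)
    foreach ($name in Get-LocatorRecordNames -Domain $Domain -ForestRoot $ForestRoot -Site $Site) {
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly `
                   -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Domain  = $Domain
            Record  = $name
            Found   = [bool]$srv
            Targets = $srv.NameTarget -join ', '
        }
    }
}

$results = foreach ($d in $Domains) {
    Test-LocatorRecords -Domain $d -ForestRoot $ForestRoot -Site $Site -DnsServer $DnsServer
}
$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.Found })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) locator record(s) missing on $DnsServer."
    Write-Warning 'On each affected DC: ipconfig /registerdns, then restart the Netlogon service.'
} else {
    # DNS answers are complete, so the DC locator itself should now succeed.
    foreach ($d in $Domains) { nltest "/dsgetdc:$d" }
}
```

A row with `Found` set to False names the subfolder that Netlogon has not registered on the designated server, which is the condition behind "no logon servers available" when a client or DC cannot locate a domain controller for the other domain.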
 
LVL 1

Author Comment

by:npanprome
ID: 17868379
Hi Markus,

I'm sorry, I misunderstood the process here. I have confirmed that DOMAINA and DOMAINB are in different forests, and they are trying to create the trust relationship
between them. Please advise.

Thanks
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17871075
You said you wanted to create a new domain in the same forest in your original post.  If this is what was done then the Trusts are automatic and transitive by default because the servers are in the same forest - this is what Markus already explained.

If you indeed have 2 different forests now instead of a new domain in the same forest, then you need to create 2 - one-way trusts between the Root DCs in each forest.  This would be the very first server in each forest.

This type of trust is not automatic and is called an External or Forest Trust.

This page has links to performing this: http://technet2.microsoft.com/WindowsServer/en/library/15dfdd7f-3a7f-4d6f-a2b0-569462fb44321033.mspx?mfr=true

0
