Solved

Domain Trusting

Posted on 2006-11-02
Last Modified: 2008-01-09
Hi, Experts

We currently have 1 forest, 1 domain and 2 domain controllers; both DCs are running Windows Server 2000.
We just bought a new server with Windows Server 2003 R2, and we want to create a new domain in the same forest
and create a two-way trust relationship. After I installed Windows 2003 R2 on the new computer,
I promoted it to a DC with DNS and DHCP running. Then I tried to create a trust relationship, and it said successful.
Now when I try to verify it on SERVER2, it says "The secure channel reset on DC of SERVER1 of domain DOMAIN1 to DOMAIN2
failed with error: there are currently no logon service available to service the logon request." Now it gives me the option to reset the trust password or not.
I tried to reset it, and it still says "The trust cannot be repaired because there are currently no logon server available to service the logon request."

When I try to log in from a workstation, I now see DOMAIN1 and DOMAIN2 to choose from.
If I choose DOMAIN2 (the new one that we created), it says the domain is not available.

Please advise what I should do.
Thank you
Question by:npanprome
Accepted Solution

by:
MarkusKolbeck earned 2000 total points
ID: 17865081
First, the trust relationships between domains in the same forest are always created - in both ways.
So you needn't create the trust relationship manually, as it is already in place (in the same forest).

I guess you have a DNS issue here.

Make sure that DNS name resolution works.

The DNS server hosting the DNS zone for the "forest root domain" (it is the W2K domain, I assume) must be available for all domain controllers (those in the root domain (W2K) and the W2K3 R2 domain).

try the following:
- designate a single DNS Server (no matter which one)
____________________________________
IF NOT ALREADY CONFIGURED:
- create a dynamic dns zone with the name of your root domain (allow dynamic updates) on that server

- In case you created a sub domain:
    - create a new sub domain DNS zone underneath the root DNS zone with the name of your sub domain (allow dynamic updates) on that server
- In case you created a new tree:
    - create a new DNS zone with the name of your other domain (allow dynamic updates) on that server

- make sure that the subfolders are deleted (you can create them later automatically):
   _msdcs
   _sites
   _tcp
   _udp
____________________________________

- configure the TCP/IP settings of all DCs to use that domain controller as primary DNS server
    - make sure that the TCP/IP settings are set to register with dns and the name resolution uses the primary DNS suffix and parent DNS suffixes

- run an "ipconfig /registerdns" on all DCs and make sure they are added to the zone (if not, create them manually)

- restart the "netlogon" service on all DCs and make sure the DNS sub folders are created automatically
   _msdcs
   _sites
   _tcp
   _udp

- configure your domain clients to use that designated DNS server

Let me know if that helps.

ATB
Markus
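
A way to check the result of the DNS steps in the answer above, as an added example that is not part of the original post: a batch script that queries the designated DNS server for the SRV records Netlogon registers under `_msdcs`, `_sites`, `_tcp` and `_udp`, then tests DC location and the secure channel. The server address, domain names and site name are placeholders, and it assumes `nltest` from the Windows Support Tools is installed.

```batch
@echo off
rem Added example: confirm that the Netlogon SRV records for both domains
rem resolve through the one designated DNS server, then test DC location
rem and the trust secure channel. Every value set below is a placeholder.
setlocal

set DNS_SERVER=192.0.2.10
set DOMAINS=domain1.example domain2.example
set TRUSTED=domain2.example
set SITE=Default-First-Site-Name
set RECORDS=_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs
set RECORDS=%RECORDS% _ldap._tcp.%SITE%._sites _ldap._tcp _kerberos._tcp
set RECORDS=%RECORDS% _kerberos._udp _kpasswd._tcp _kpasswd._udp
set MISSING=0

for %%D in (%DOMAINS%) do (
    for %%R in (%RECORDS%) do (
        rem Trailing dot stops nslookup from appending DNS suffixes.
        nslookup -type=SRV %%R.%%D. %DNS_SERVER% 2>nul | findstr /i /c:"svr hostname" >nul
        if errorlevel 1 (
            echo MISSING  %%R.%%D
            set /a MISSING+=1
        ) else (
            echo OK       %%R.%%D
        )
    )
)

echo.
echo %MISSING% SRV record(s) did not resolve via %DNS_SERVER%

rem DC location relies on the same SRV records; run this on each DC.
for %%D in (%DOMAINS%) do nltest /dsgetdc:%%D

rem Secure channel state toward the trusted domain (run on a DC of the
rem trusting domain).
nltest /sc_query:%TRUSTED%

if not "%MISSING%"=="0" exit /b 1
exit /b 0
```

Any record reported as MISSING points at the zone or dynamic-update settings on the designated DNS server rather than at the trust itself.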
Author Comment

by:npanprome
ID: 17868379
Hi Markus,

I'm sorry, I misunderstood the process here. I confirm DOMAINA and DOMAINB are in different forests, and they are trying to create the trust relationship
between them. Please advise.

Thanks
Expert Comment

by:Netman66
ID: 17871075
You said you wanted to create a new domain in the same forest in your original post.  If this is what was done then the Trusts are automatic and transitive by default because the servers are in the same forest - this is what Markus already explained.

If you indeed have 2 different forests now instead of a new domain in the same forest, then you need to create 2 - one-way trusts between the Root DCs in each forest.  This would be the very first server in each forest.

This type of trust is not automatic and is called an External or Forest Trust.

This page has links to performing this: http://technet2.microsoft.com/WindowsServer/en/library/15dfdd7f-3a7f-4d6f-a2b0-569462fb44321033.mspx?mfr=true
