Domain Trusting

Hi, Experts

We currently have 1 forest 1 domain and 2 domain controller, both dc are using windows server 2000
we just buy a new server with windows server 2003 r2 we want to create a new domain in the same forest
and create a trust relationship 2 ways, after I install windows 2003 r2 on the new computer already
I promote it up as a dc with dns and dhcp running then I try to create a trust relationship it said successful
now I try to verify it on the SERVER2 it said " The secure channel reset on DC of SERVER1 of domain DOMAIN1 to DOMAIN2
failed with error: there are currently no logon service avaliable to service the logon request. now it give me option to reset the trust password or not
I try to reset it, then it still say " The trust cannot be repaired because there are current;y no logon server avaliable to service the logon request."

when I try login from workstation now I see DOMAIN1 and DOMAIN2 for choosing to login
if I choose DOMAIN2 (the new one that we create) it said Domain is not avaliable

please advice what should I do?
Thank you
LVL 1
npanpromeAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
MarkusKolbeckConnect With a Mentor Commented:
first, the trust relationship between domains in the same forest are always created - in both ways.
so, you needn't create the trust relationship manually as it is already in place (in the same forest).

I guess you have a DNS issue here.

make sure that DNS name resolution works.

the DNS server hosting the DNS zone for the "forest root domain" (it is the W2K domain I assume) must be available for all domain controllers (those in the root domain (W2K) and the W2K3 R2 domain.

try the following:
- designate a single DNS Server (no matter which one)
____________________________________
IF NOT ALREADY CONFIGURED:
- create a dynamic dns zone with the name of your root domain (allow dynamic updates) on that server

- In case you created a sub domain:
    - create a new sub domain DNS zone underneath the root DNS zone with the name of your sub domain (allow dynamic updates) on that server
- In case you created a new tree:
    - create a new DNS zone with the name of your other domain (allow dynamic updates) on that server

- make sure that the subfolders are deleted (you can create them later automatically):
   _msdcs
   _sites
   _tcp
   _upd
____________________________________

- configure the TCP/IP settings of all DCs to use that domain controller as primary DNS server
    - make sure that the TCP/IP settings are set to register with dns and the name resolution uses the primary DNS suffix and parent DNS suffixes

- run an "ip config /registerdns" on all DCs and make sure they are added to the zone (if not, create them manually)

- restart the "netlogon" service on all DCs and make sure the DNS sub folders are created automatically
   _msdcs
   _sites
   _tcp
   _upd

- configure your domain clients to use that designated DNS server

Let me know if that helps.

ATB
Markus
0
 
npanpromeAuthor Commented:
Hi Markus,

I'm sorry I misunderstand the process here, as I confirm DOMAINA and DOMAINB is in the different forest. and they trying to create the trust relationship
between them, please advice

Thanks
0
 
Netman66Commented:
You said you wanted to create a new domain in the same forest in your original post.  If this is what was done then the Trusts are automatic and transitive by default because the servers are in the same forest - this is what Markus already explained.

If you indeed have 2 different forests now instead of a new domain in the same forest, then you need to create 2 - one-way trusts between the Root DCs in each forest.  This would be the very first server in each forest.

This type of trust is not automatic and is called an External or Forest Trust.

This page has links to performing this: http://technet2.microsoft.com/WindowsServer/en/library/15dfdd7f-3a7f-4d6f-a2b0-569462fb44321033.mspx?mfr=true

0
All Courses

From novice to tech pro — start learning today.