npanprome
asked on
Domain Trusting
Hi, Experts
We currently have 1 forest 1 domain and 2 domain controller, both dc are using windows server 2000
we just buy a new server with windows server 2003 r2 we want to create a new domain in the same forest
and create a trust relationship 2 ways, after I install windows 2003 r2 on the new computer already
I promote it up as a dc with dns and dhcp running then I try to create a trust relationship it said successful
now I try to verify it on the SERVER2 it said " The secure channel reset on DC of SERVER1 of domain DOMAIN1 to DOMAIN2
failed with error: there are currently no logon service avaliable to service the logon request. now it give me option to reset the trust password or not
I try to reset it, then it still say " The trust cannot be repaired because there are current;y no logon server avaliable to service the logon request."
when I try login from workstation now I see DOMAIN1 and DOMAIN2 for choosing to login
if I choose DOMAIN2 (the new one that we create) it said Domain is not avaliable
please advice what should I do?
Thank you
We currently have 1 forest 1 domain and 2 domain controller, both dc are using windows server 2000
we just buy a new server with windows server 2003 r2 we want to create a new domain in the same forest
and create a trust relationship 2 ways, after I install windows 2003 r2 on the new computer already
I promote it up as a dc with dns and dhcp running then I try to create a trust relationship it said successful
now I try to verify it on the SERVER2 it said " The secure channel reset on DC of SERVER1 of domain DOMAIN1 to DOMAIN2
failed with error: there are currently no logon service avaliable to service the logon request. now it give me option to reset the trust password or not
I try to reset it, then it still say " The trust cannot be repaired because there are current;y no logon server avaliable to service the logon request."
when I try login from workstation now I see DOMAIN1 and DOMAIN2 for choosing to login
if I choose DOMAIN2 (the new one that we create) it said Domain is not avaliable
please advice what should I do?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You said you wanted to create a new domain in the same forest in your original post. If this is what was done then the Trusts are automatic and transitive by default because the servers are in the same forest - this is what Markus already explained.
If you indeed have 2 different forests now instead of a new domain in the same forest, then you need to create 2 - one-way trusts between the Root DCs in each forest. This would be the very first server in each forest.
This type of trust is not automatic and is called an External or Forest Trust.
This page has links to performing this: http://technet2.microsoft.com/WindowsServer/en/library/15dfdd7f-3a7f-4d6f-a2b0-569462fb44321033.mspx?mfr=true
If you indeed have 2 different forests now instead of a new domain in the same forest, then you need to create 2 - one-way trusts between the Root DCs in each forest. This would be the very first server in each forest.
This type of trust is not automatic and is called an External or Forest Trust.
This page has links to performing this: http://technet2.microsoft.com/WindowsServer/en/library/15dfdd7f-3a7f-4d6f-a2b0-569462fb44321033.mspx?mfr=true
ASKER
I'm sorry I misunderstand the process here, as I confirm DOMAINA and DOMAINB is in the different forest. and they trying to create the trust relationship
between them, please advice
Thanks