Solved

Domain Trusting

Posted on 2006-11-02
3
1,323 Views
Last Modified: 2008-01-09
Hi, Experts

We currently have 1 forest 1 domain and 2 domain controller, both dc are using windows server 2000
we just buy a new server with windows server 2003 r2 we want to create a new domain in the same forest
and create a trust relationship 2 ways, after I install windows 2003 r2 on the new computer already
I promote it up as a dc with dns and dhcp running then I try to create a trust relationship it said successful
now I try to verify it on the SERVER2 it said " The secure channel reset on DC of SERVER1 of domain DOMAIN1 to DOMAIN2
failed with error: there are currently no logon service avaliable to service the logon request. now it give me option to reset the trust password or not
I try to reset it, then it still say " The trust cannot be repaired because there are current;y no logon server avaliable to service the logon request."

when I try login from workstation now I see DOMAIN1 and DOMAIN2 for choosing to login
if I choose DOMAIN2 (the new one that we create) it said Domain is not avaliable

please advice what should I do?
Thank you
0
Comment
Question by:npanprome
3 Comments
 
LVL 5

Accepted Solution

by:
MarkusKolbeck earned 500 total points
Comment Utility
first, the trust relationship between domains in the same forest are always created - in both ways.
so, you needn't create the trust relationship manually as it is already in place (in the same forest).

I guess you have a DNS issue here.

make sure that DNS name resolution works.

the DNS server hosting the DNS zone for the "forest root domain" (it is the W2K domain I assume) must be available for all domain controllers (those in the root domain (W2K) and the W2K3 R2 domain.

try the following:
- designate a single DNS Server (no matter which one)
____________________________________
IF NOT ALREADY CONFIGURED:
- create a dynamic dns zone with the name of your root domain (allow dynamic updates) on that server

- In case you created a sub domain:
    - create a new sub domain DNS zone underneath the root DNS zone with the name of your sub domain (allow dynamic updates) on that server
- In case you created a new tree:
    - create a new DNS zone with the name of your other domain (allow dynamic updates) on that server

- make sure that the subfolders are deleted (you can create them later automatically):
   _msdcs
   _sites
   _tcp
   _upd
____________________________________

- configure the TCP/IP settings of all DCs to use that domain controller as primary DNS server
    - make sure that the TCP/IP settings are set to register with dns and the name resolution uses the primary DNS suffix and parent DNS suffixes

- run an "ip config /registerdns" on all DCs and make sure they are added to the zone (if not, create them manually)

- restart the "netlogon" service on all DCs and make sure the DNS sub folders are created automatically
   _msdcs
   _sites
   _tcp
   _upd

- configure your domain clients to use that designated DNS server

Let me know if that helps.

ATB
Markus
0
 
LVL 1

Author Comment

by:npanprome
Comment Utility
Hi Markus,

I'm sorry I misunderstand the process here, as I confirm DOMAINA and DOMAINB is in the different forest. and they trying to create the trust relationship
between them, please advice

Thanks
0
 
LVL 51

Expert Comment

by:Netman66
Comment Utility
You said you wanted to create a new domain in the same forest in your original post.  If this is what was done then the Trusts are automatic and transitive by default because the servers are in the same forest - this is what Markus already explained.

If you indeed have 2 different forests now instead of a new domain in the same forest, then you need to create 2 - one-way trusts between the Root DCs in each forest.  This would be the very first server in each forest.

This type of trust is not automatic and is called an External or Forest Trust.

This page has links to performing this: http://technet2.microsoft.com/WindowsServer/en/library/15dfdd7f-3a7f-4d6f-a2b0-569462fb44321033.mspx?mfr=true

0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now