I have a one-way trust in place between 2 domains on the same gateway. Domain A is 2000 mixed mode, in the DMZ, and Domain B is 2003 native mode in the intranet. I made a firewall rule to allow communication between the 2 DCs in Domain A and the 2 DCs in Domain B. The trust is one-way non-transitive, with Domain A being the trusting domain and Domain B the trusted. I also added each other's DNS servers as forwarders on each DC so they can see each other's AD DNS. That works fine. Ping server1.DomainA.com from Domain B and it sees it, and vice versa. Then I created the trust from Domain B and it worked slick, perfect.

Now I can add users from Domain B to Domain A perfectly. It works great (mostly). I have a web server in Domain A, and when I add users to NTFS permissions I can see Domain B users just fine. Add them and everything. I tested it yesterday on locked pages in IIS in Domain A with users added from Domain B and it worked perfectly.

Now, here is the tricky part. Today, I cannot log onto the secured web pages in Domain A with users from Domain B. I can SEE the users still in the NTFS permissions, but when I go to log on as one, Access Denied.

My question is this: I just have it set in the firewall to allow the 2 DCs from each domain to have all ports open. Do I have to allow each server in Domain A to have all ports open to the 2 DCs in Domain B? When it does a Master Browser election, does whatever server that is HAVE to be able to see the DCs on the other side, or just its local DCs?
This one is tough.