Trust works then quits

Asked by HunTelWebProgrammer
Topic: Windows Server 2003

I have a one-way trust in place between 2 domains on the same gateway. Domain A is 2000 mixed mode, in the DMZ, and Domain B is 2003 native mode in the intranet. I made a firewall rule to allow communication between the 2 DCs in Domain A to see the 2 DCs in Domain B. The trust is one-way non-transitive with Domain A being the trusting domain and Domain B the Trusted. I also added to each DC each other's DNS servers as forwarders so they can see each other's AD DNS. That works fine. Ping server1.DomainA.com from Domain B and it sees it and vice-versa.

Then, I created the trust from Domain B and it worked slick, perfect. Now, I can add users from Domain B to Domain A perfectly. It works great (mostly). I have a web server in Domain A and I add users to NTFS permissions and I can see Domain B users just fine. Add them and everything. I tested it yesterday to locked pages in IIS in Domain A with users added from Domain B and it worked perfectly.

Now, here is the tricky part. Today, I cannot log onto the secured web pages in Domain A with users from Domain B. I can SEE the users still in the NTFS permissions, but when I go to log on as one, Access Denied.

My question is this: I just have it set in the firewall to allow the 2 DCs from each domain to have all ports open. Do I have to allow each server on Domain A to have all ports open to the 2 DCs in Domain B? When it does a Master Browser election, does whatever server that is HAVE to be able to see the DCs on the other side or just its local DCs?

This one is tough.