ArzuGould

Creating a domain trust

We have 2 separate domains which are in separate forests. They are not in the same domain namespace. They are physically in the same network. Both domains are Windows 2003 domains. I have administrator privileges in both domains. I would like to create a 2-way trust between the 2 domains. When I start the wizard on Domain A and type the DNS name for Domain B, it says "The name you specified is not a valid Windows domain name. Is the specified name a Kerberos V5 realm?". When I retype the DNS domain name for Domain B, the wizard says it cannot continue: "the new trust wizard cannot continue because the specified domain cannot be contacted".
When I attempted to create the trust from Domain B, it went through and created the trust. And now I can see it on Domain A's trusted domains list.
I would like to know if the reason not allowing me to do it from Domain A WILL cause some other problems when we need the trust to work. So I would like to find out what might have caused that. I thought this was a DNS issue.
Any comments are appreciated.
Thanks
smilerz

Can the server that is having the issue resolve the DNS domain name of the other domain?
ArzuGould

ASKER

No. That is the problem. I can ping Domain A from Domain B, but cannot do the opposite. DNS settings look the same.

Both servers are using the same DNS servers?

Both domains have their own DNS servers. But they also have each other's DNS as the alternative DNS servers.
The only difference between their TCP/IP DNS settings is: Domain A has the Symantec gateway's IP address as the alternate DNS server (for Internet name resolution), but it has Domain B's IP address listed under the Advanced TCP/IP properties DNS tab. Domain B does not have the gateway's IP address as the alternate DNS server.

OK, what you need to do is either:
1) transfer the zones between the DNS servers
2) set up a forwarder so that DNS requests are sent to the proper DNS server

Yes, I did not want to transfer the zones, so I set up the forwarders on Domain A to forward queries for the names in Domain B to Domain B's DNS server. Now I can ping Domain B.

But for me the question still remains why it did not resolve when Domain B's DNS IP address was listed under the Advanced TCP/IP settings --> DNS tab. The only reason I can think of is that it is trying to append primary and connection-specific DNS suffixes.

Is it a better practice to configure that setting under Advanced TCP/IP properties instead of using forwarders?

Thanks
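
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts: run on a domain controller in each domain, it shows whether the other domain's DC locator records resolve before the trust wizard is started, and verifies the trust afterwards. The names `domaina.example` and `domainb.example` and the address `192.0.2.20` are placeholders, and `nltest`, `netdom` and `dnscmd` are assumed to be installed from the Windows Server 2003 Support Tools.

```batch
@echo off
rem Added example: DNS pre-flight checks before creating a trust between forests.
rem Placeholders (assumptions, replace with real values):
rem   LOCAL_DOMAIN  = DNS name of the domain this server belongs to
rem   REMOTE_DOMAIN = DNS name of the domain on the other side of the trust
rem   REMOTE_DNS    = IP address of a DNS server hosting REMOTE_DOMAIN's zone
setlocal
set LOCAL_DOMAIN=domaina.example
set REMOTE_DOMAIN=domainb.example
set REMOTE_DNS=192.0.2.20

rem 1. Query the remote DNS server directly for the DC locator SRV record.
rem    A failure here points at reachability or the remote zone itself,
rem    not at forwarding on the local DNS server.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%REMOTE_DOMAIN% %REMOTE_DNS%

rem 2. Query again through this server's normal resolver path.
rem    If step 1 answers and step 2 does not, the local DNS server has no
rem    route to the remote zone (no forwarder and no copy of the zone).
nslookup -type=SRV _ldap._tcp.dc._msdcs.%REMOTE_DOMAIN%

rem 3. Run the DC locator against the remote domain, bypassing its cache.
nltest /dsgetdc:%REMOTE_DOMAIN% /force
if errorlevel 1 (
    echo DC locator could not find a domain controller for %REMOTE_DOMAIN%.
    echo To add a conditional forwarder on the local DNS server, run:
    echo     dnscmd /ZoneAdd %REMOTE_DOMAIN% /Forwarder %REMOTE_DNS%
    exit /b 1
)

rem 4. Once the trust has been created, verify it from this side.
netdom trust %LOCAL_DOMAIN% /domain:%REMOTE_DOMAIN% /verify
endlocal
```

Running it from both domains, with the two domain names swapped, checks each direction of a two-way trust.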
ASKER CERTIFIED SOLUTION
smilerz