ArzuGould
asked on
Creating a domain trust
We have 2 separate domains which are in separate forests. They are not in the same domain namespace. They are physically in the same network. Both domains are Windows 2003 domains. I have administrator privileges in both domains. I would like to create a 2-way trust between the 2 domains. When I start the wizard on Domain A and type the DNS name for Domain B, it says "The name you specified is not a valid Windows domain name. Is the specified name a Kerberos V5 realm?". When I retype the DNS domain name for Domain B, the wizard says it cannot continue: "the new trust wizard cannot continue because the specified domain cannot be contacted".
When I attempted to create the trust from Domain B, it went through and created the trust. And now I can see it on Domain A's trusted domains list.
I would like to know if the reason not allowing me to do it from Domain A WILL cause some other problems when we need the trust to work. So I would like to find out what might have caused that. I thought this was a DNS issue.
Any comments are appreciated.
Thanks
Can the server that is having the issue resolve the DNS domain name of the other domain?
ASKER
No. That is the problem. I can ping domain A from Domain B, but cannot do the opposite. DNS settings look the same.
Both servers are using the same DNS servers?
ASKER
Both domains have their own DNS servers. But they also have each other's DNS as the alternate DNS servers.
The only difference between their TCP/IP DNS settings is: Domain A has the Symantec gateway's IP address as the alternate DNS server (for Internet name resolution), but it has Domain B's IP address listed under the Advanced TCP/IP properties DNS tab. Domain B does not have the gateway's IP address as the alternate DNS server.
OK, what you need to do is either:
1) transfer the zones between the DNS servers
2) set up a forwarder so that DNS requests are sent to the proper DNS server
ASKER
Yes, I did not want to transfer the zones, so I set up the forwarders on Domain A to forward queries for the names in Domain B to Domain B's DNS server. Now I can ping Domain B.
But for me the question still remains why it did not resolve when Domain B's DNS IP address was listed under the Advanced TCP/IP settings-->DNS tab. The only reason I can think of is that it is trying to append primary and connection-specific DNS suffixes.
Is it a better practice to configure that setting under Advanced TCP/IP properties instead of using forwarders?
Thanks
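The forwarder approach discussed above, with the checks that confirm each side can locate the other's domain controllers before the trust is relied on. This is an added example, not part of the original thread; the domain names and IP addresses are placeholders, and the script is written for a domain controller in Domain A (swap the A and B values to repeat it from Domain B).

```bat
@echo off
rem Added example. DOMAIN_A, DOMAIN_B, DNS_A and DNS_B are placeholders,
rem not values from the thread.
set DOMAIN_A=domaina.example
set DOMAIN_B=domainb.example
set DNS_A=192.0.2.10
set DNS_B=192.0.2.20

rem 1. On Domain A's DNS server: add a conditional forwarder so queries
rem    for Domain B's zone are sent to Domain B's DNS server.
dnscmd /ZoneAdd %DOMAIN_B% /Forwarder %DNS_B%

rem 2. Ask each DNS server directly for Domain B's DC locator record.
rem    The trust wizard depends on this SRV lookup, not on ping.
rem    If DNS_B answers and DNS_A does not, the forwarder is not in effect.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN_B% %DNS_B%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN_B% %DNS_A%

rem 3. Repeat the lookup through the normal client resolver path.
rem    The Windows DNS client moves to the next server in its list only
rem    when the current one does not respond; a "non-existent domain"
rem    answer from the preferred server is treated as final.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN_B%

rem 4. Run the DC locator itself, bypassing its cache.
nltest /dsgetdc:%DOMAIN_B% /force

rem 5. Verify the trust relationship once both directions resolve.
netdom trust %DOMAIN_A% /domain:%DOMAIN_B% /verify
```

A trust that was created from one side only because the other side could not resolve names should be re-verified from both domains after DNS is fixed.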