Solved

Creating a domain trust

Posted on 2007-10-01
Last Modified: 2011-04-14
We have 2 separate domains which are in separate forests. They are not in the same domain namespace. They are physically in the same network. Both domains are Windows 2003 domains. I have administrator privileges in both domains. I would like to create a 2-way trust between the 2 domains. When I start the wizard on Domain A and type the DNS name for Domain B, it says "The name you specified is not a valid Windows domain name. Is the specified name a Kerberos V5 realm?". When I retype the DNS domain name for Domain B, the wizard says it cannot continue: "The new trust wizard cannot continue because the specified domain cannot be contacted".
When I attempted to create the trust from Domain B, it went through and created the trust. And now I can see it on Domain A's trusted domains list.
I would like to know if the reason for not allowing me to do it from Domain A WILL cause some other problems when we need the trust to work. So I would like to find out what might have caused that. I thought this was a DNS issue.
Any comments are appreciated.
Thanks
0
Question by:ArzuGould
7 Comments
 
LVL 8

Expert Comment

by:smilerz
ID: 19992596
Can the server that is having the issue resolve the DNS domain name of the other domain?
0
 

Author Comment

by:ArzuGould
ID: 19993102
No. That is the problem. I can ping domain A from Domain B, but cannot do the opposite. DNS settings look the same.
0
 
LVL 8

Expert Comment

by:smilerz
ID: 19993129
Both servers are using the same DNS servers?
0
 

Author Comment

by:ArzuGould
ID: 19993290
Both domains have their own DNS servers. But they also have each other's DNS as the alternate DNS servers.
The only difference between their TCP/IP DNS settings is: Domain A has the Symantec gateway's IP address as the alternate DNS server (for Internet name resolution), but it has Domain B's IP address listed under the Advanced TCP/IP properties DNS tab. Domain B does not have the gateway's IP address as the alternate DNS server.
0
 
LVL 8

Expert Comment

by:smilerz
ID: 19993361
OK, what you need to do is either:
1) transfer the zones between the DNS servers
2) set up a forwarder so that DNS requests are sent to the proper DNS server
0
 

Author Comment

by:ArzuGould
ID: 19993546
Yes, I did not want to transfer the zones, so I set up the forwarders on Domain A to forward queries for the names in Domain B to Domain B's DNS server. Now I can ping Domain B.

But for me the question still remains why it did not resolve when Domain B's DNS IP address was listed under the Advanced TCP/IP settings-->DNS tab. The only reason I can think of is that it is trying to append primary and connection-specific DNS suffixes.

Is it a better practice to configure that setting under Advanced TCP/IP properties instead of using forwarders?

Thanks
0
 
LVL 8

Accepted Solution

by:
smilerz earned 1500 total points
ID: 19993650
The secondary DNS is only used when the primary address is unavailable.  It won't query both.
Forwarders are completely appropriate in this configuration.
0
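
The behaviour the accepted answer describes, as a small Python model added here (not code from the thread): the client moves to the next DNS server only when the current one gives no response, so an NXDOMAIN from Domain A's own DNS ends the lookup, and a conditional forwarder on that server is what makes Domain B's names resolvable. Zone names and addresses are constructed, and a forwarder target that is down is not modelled.

```python
# Simplified model of the name-resolution path discussed in this thread.
# All zone names, host names and addresses are constructed for illustration.
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"


class DnsServer:
    def __init__(self, ip, records, up=True):
        self.ip, self.records, self.up = ip, records, up
        self.forwarders = {}  # DNS suffix -> DnsServer (conditional forwarder)

    def query(self, name):
        if not self.up:
            return TIMEOUT                      # no response at all
        if name in self.records:
            return self.records[name]
        for suffix, target in self.forwarders.items():
            if name == suffix or name.endswith("." + suffix):
                return target.query(name)       # hand off to the other domain
        return NXDOMAIN                         # a real (negative) answer


def client_resolve(name, server_list):
    """Walk the client's DNS server list in order and move on only when a
    server does not respond. Returns (answer, ip_of_answering_server)."""
    for server in server_list:
        answer = server.query(name)
        if answer != TIMEOUT:
            return answer, server.ip            # any answer ends the search
    return TIMEOUT, None


def build_lab():
    """Two DNS servers, each holding only its own domain's records."""
    dns_a = DnsServer("192.0.2.10", {"dc1.a.example": "192.0.2.10"})
    dns_b = DnsServer("192.0.2.20", {"dc1.b.example": "192.0.2.20"})
    return dns_a, dns_b


if __name__ == "__main__":
    dns_a, dns_b = build_lab()
    target = "dc1.b.example"
    # Domain B's DNS is only listed after Domain A's own DNS on the client.
    print("B as alternate :", client_resolve(target, [dns_a, dns_b]))
    # Conditional forwarder on Domain A's DNS for Domain B's namespace.
    dns_a.forwarders["b.example"] = dns_b
    print("forwarder on A :", client_resolve(target, [dns_a, dns_b]))
```
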