?
Solved

Setting up a trust between two domains

Posted on 2007-12-07
11
Medium Priority
?
1,848 Views
Last Modified: 2012-06-27
I am trying to create a trust between two domains I have created a Router to Router vpn and can ping anything from either side via ip or by computer name.
I have no experience in this sort of thing and do the following
1:\ New Trust
2:\ Type in the name of the domain
3:\ External Trust
4:\ Two-Way
5:\ Both this domain and the specified domain
6:\ Enter Username and Password (I have created an identical user and password with admin rights on both domains)
7:\ Domain-wide Authentication

The trusted relationship cannot be created because the following errors occurred:-
The operation failed. The Error is:- The server is not operational.

WHAT AM I DOING WRONG ?



0
Comment
Question by:abbijade97
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 4

Expert Comment

by:tomo999
ID: 20426761
Can you resolve the IP address of the other domain controller by name?
0
 

Author Comment

by:abbijade97
ID: 20427053
Site1
Server-2003 IP 192.168.1.4

Site2
server IP 192.168.10.254

From Site 2
ping server-2003 (get reply 192.168.1.4)

From site 1
ping server (Request timed out 169.254.73.50)
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20427144
It looks like a name resolution issue. Have you got DNS installed on these servers?

As a test, you could try adding an entry for "Server" in the local HOST file on "Server-2003".

Try and get the name resolution in place before trying to create the trust again.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:abbijade97
ID: 20427194
thanks, is that by going to dns / forward lookup zone / domain / add an A record?
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20427260
You can use DNS zone forwarding to forward all requests for the other domain to the relevant DC.

Do this on both DCs;
Open the DNS console on the DC, right click the server name and choose "Properties". Then click on "Forwarders". Click the "New" button enter the full name of the other domain (e.g. microsoft.com), click ok and enter the IP address of the other DC into the "Selected Domain's Forwarder IP Address List" field and click "Add".

http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm

Then you should be able to ping computers in the other domain by their FQDN.
0
 

Author Comment

by:abbijade97
ID: 20427453
Hi have done that but from "server-2003" i ping "server" and get

C:\Documents and Settings\Administrator>ping 192.168.10.254
Pinging 192.168.10.254 with 32 bytes of data:
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=49ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126

Ping statistics for 192.168.10.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms

C:\Documents and Settings\Administrator>ping server

Pinging server [169.254.73.50] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 169.254.73.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I have no idea what 169.254.73.50 IS ?
Also one ot the domains is for example "xxxx.com" and the other is  "xxx.local" if that helps

as you can see I am not very good with DNS
0
 
LVL 4

Accepted Solution

by:
tomo999 earned 2000 total points
ID: 20427840
The IP address 169.254.73.50 is from an address range that Microsoft owns. It is normally used when a machine cannot get an IP address from a DHCP server - Not really applicable here.

Have you tried adding an entry for "Server" into the "c:\WINDOWS\system32\drivers\etc\hosts" file on "Server-2003"? Just temporarily while we get this sorted?

Which machine are you doing the ping from?
0
 

Author Comment

by:abbijade97
ID: 20427977
that worked, I am ping from 192.168.1.4 (server.2003) to 192.168.10.4 (server)

if I ping server i now get a reply from server (192.168.10.254)
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20428199
Ok, now try and set up the trust.
0
 

Author Comment

by:abbijade97
ID: 20428248
did do and it worked, While I am being cheeky the other question is, from server-2003 now it is working I browse the network and see the other domain, I click on the other domain and see all the computers and click on server which contains data, it says I dont have permission.

How do I give users from one domain access to that folder via user manager ?
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20428309
Now the trust is in place, you can add users and groups from the other domain into Share/NTFS permissions on the other domain.

Try creating a new folder and share and allow users from the other domain access.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question