abbijade97

Setting up a trust between two domains

I am trying to create a trust between two domains. I have created a router-to-router VPN and can ping anything from either side via IP or by computer name.
I have no experience in this sort of thing and do the following:
1. New Trust
2. Type in the name of the domain
3. External Trust
4. Two-Way
5. Both this domain and the specified domain
6. Enter Username and Password (I have created an identical user and password with admin rights on both domains)
7. Domain-wide Authentication

The trusted relationship cannot be created because the following errors occurred:-
The operation failed. The Error is:- The server is not operational.

WHAT AM I DOING WRONG?



tomo999

Can you resolve the IP address of the other domain controller by name?
abbijade97

ASKER

Site1
Server-2003 IP 192.168.1.4

Site2
server IP 192.168.10.254

From Site 2
ping server-2003 (get reply 192.168.1.4)

From site 1
ping server (Request timed out 169.254.73.50)
It looks like a name resolution issue. Have you got DNS installed on these servers?

As a test, you could try adding an entry for "Server" in the local HOST file on "Server-2003".

Try and get the name resolution in place before trying to create the trust again.
Thanks, is that by going to DNS / Forward Lookup Zone / domain / add an A record?
You can use DNS zone forwarding to forward all requests for the other domain to the relevant DC.

Do this on both DCs:
Open the DNS console on the DC, right-click the server name and choose "Properties". Then click on "Forwarders". Click the "New" button, enter the full name of the other domain (e.g. microsoft.com), click OK, then enter the IP address of the other DC into the "Selected Domain's Forwarder IP Address List" field and click "Add".

http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm

Then you should be able to ping computers in the other domain by their FQDN.
Hi, I have done that, but from "server-2003" I ping "server" and get:

C:\Documents and Settings\Administrator>ping 192.168.10.254
Pinging 192.168.10.254 with 32 bytes of data:
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=49ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126

Ping statistics for 192.168.10.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms

C:\Documents and Settings\Administrator>ping server

Pinging server [169.254.73.50] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 169.254.73.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I have no idea what 169.254.73.50 is?
Also, one of the domains is for example "xxxx.com" and the other is "xxx.local", if that helps.

As you can see, I am not very good with DNS.
ASKER CERTIFIED SOLUTION
tomo999
This solution is only available to members.
That worked, I am pinging from 192.168.1.4 (server.2003) to 192.168.10.4 (server).

If I ping server I now get a reply from server (192.168.10.254).
Ok, now try and set up the trust.
Did do and it worked. While I am being cheeky, the other question is: from server-2003, now it is working, I browse the network and see the other domain, I click on the other domain and see all the computers and click on server, which contains data, and it says I don't have permission.

How do I give users from one domain access to that folder via User Manager?
Now the trust is in place, you can add users and groups from the other domain into Share/NTFS permissions on the other domain.

Try creating a new folder and share and allow users from the other domain access.
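
An added example, not part of the original thread or any poster's code: a Python name-resolution preflight for the failure discussed above, where "server" resolved to 169.254.73.50, a self-assigned (APIPA, 169.254.0.0/16) address rather than the domain controller's routed address. The /24 site subnets and all function names are assumptions, and the sample answers are constructed from the ping output quoted in the thread.

```python
import ipaddress
import socket

# Assumed /24 site subnets, inferred from the addresses quoted in the thread.
SITE_SUBNETS = {
    "server-2003": ipaddress.ip_network("192.168.1.0/24"),
    "server": ipaddress.ip_network("192.168.10.0/24"),
}


def system_resolver(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_name(name, expected_net, resolver=system_resolver):
    """Classify what a DC name resolves to before a trust is attempted."""
    addresses = [ipaddress.ip_address(a) for a in resolver(name)]
    if not addresses:
        return "FAIL", f"{name}: does not resolve"
    link_local = [a for a in addresses if a.is_link_local]
    if link_local:
        # 169.254.0.0/16 is self-assigned (APIPA): an interface with no
        # static or DHCP address has been registered under this name.
        return "FAIL", f"{name}: resolves to self-assigned {link_local[0]}"
    outside = [a for a in addresses if a not in expected_net]
    if outside:
        return "FAIL", f"{name}: {outside[0]} is outside {expected_net}"
    return "OK", f"{name}: {addresses[0]}"


def preflight(resolver=system_resolver):
    """Check every DC name; fix any FAIL before retrying the trust."""
    return {n: check_name(n, net, resolver) for n, net in SITE_SUBNETS.items()}


# Constructed sample: the answers seen in the thread's ping output.
THREAD_ANSWERS = {"server-2003": ["192.168.1.4"], "server": ["169.254.73.50"]}

if __name__ == "__main__":
    for status, detail in preflight(lambda n: THREAD_ANSWERS.get(n, [])).values():
        print(status, detail)
```

Calling `preflight()` with no argument uses the machine's real resolver, so it can be run on each DC after the forwarders are in place.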