Solved

Setting up a trust between two domains

Posted on 2007-12-07
Last Modified: 2012-06-27
I am trying to create a trust between two domains. I have created a router-to-router VPN and can ping anything from either side via IP or by computer name.
I have no experience in this sort of thing and do the following:
1:\ New Trust
2:\ Type in the name of the domain
3:\ External Trust
4:\ Two-Way
5:\ Both this domain and the specified domain
6:\ Enter Username and Password (I have created an identical user and password with admin rights on both domains)
7:\ Domain-wide Authentication

The trusted relationship cannot be created because the following errors occurred:-
The operation failed. The Error is:- The server is not operational.

WHAT AM I DOING WRONG?



Question by:abbijade97
 
LVL 4

Expert Comment

by:tomo999
Can you resolve the IP address of the other domain controller by name?
0
 

Author Comment

by:abbijade97
Site1
Server-2003 IP 192.168.1.4

Site2
server IP 192.168.10.254

From Site 2
ping server-2003 (get reply 192.168.1.4)

From site 1
ping server (Request timed out 169.254.73.50)
0
 
LVL 4

Expert Comment

by:tomo999
It looks like a name resolution issue. Have you got DNS installed on these servers?

As a test, you could try adding an entry for "Server" in the local HOST file on "Server-2003".

Try and get the name resolution in place before trying to create the trust again.
0
 

Author Comment

by:abbijade97
Thanks, is that by going to DNS / Forward Lookup Zone / domain / add an A record?
0
 
LVL 4

Expert Comment

by:tomo999
You can use DNS zone forwarding to forward all requests for the other domain to the relevant DC.

Do this on both DCs:
Open the DNS console on the DC, right-click the server name and choose "Properties". Then click on "Forwarders". Click the "New" button, enter the full name of the other domain (e.g. microsoft.com), click OK, then enter the IP address of the other DC into the "Selected Domain's Forwarder IP Address List" field and click "Add".

http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm

Then you should be able to ping computers in the other domain by their FQDN.
0

 

Author Comment

by:abbijade97
Hi, I have done that, but from "server-2003" I ping "server" and get:

C:\Documents and Settings\Administrator>ping 192.168.10.254
Pinging 192.168.10.254 with 32 bytes of data:
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=49ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126

Ping statistics for 192.168.10.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms

C:\Documents and Settings\Administrator>ping server

Pinging server [169.254.73.50] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 169.254.73.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I have no idea what 169.254.73.50 IS?
Also, one of the domains is, for example, "xxxx.com" and the other is "xxx.local", if that helps.

As you can see, I am not very good with DNS.
0
 
LVL 4

Accepted Solution

by:
tomo999 earned 500 total points
The IP address 169.254.73.50 is from an address range that Microsoft owns. It is normally used when a machine cannot get an IP address from a DHCP server - Not really applicable here.

Have you tried adding an entry for "Server" into the "c:\WINDOWS\system32\drivers\etc\hosts" file on "Server-2003"? Just temporarily while we get this sorted?

Which machine are you doing the ping from?
0
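An added example, not part of the original thread: a Python check over the ping output posted above that separates a routing failure from a name-resolution failure before the trust wizard is retried. 169.254.0.0/16 is the IPv4 link-local (APIPA) range, so a name that resolves there while the real IP answers points at name resolution; the function name `analyse` and the /24 mask for Site2 are assumptions.

```python
import ipaddress
import re

# Ping output from the thread (trimmed), as run on Server-2003 at Site1.
TRANSCRIPT = r"""
C:\Documents and Settings\Administrator>ping 192.168.10.254
Pinging 192.168.10.254 with 32 bytes of data:
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=49ms TTL=126

C:\Documents and Settings\Administrator>ping server

Pinging server [169.254.73.50] with 32 bytes of data:

Request timed out.
Request timed out.
"""

# Windows prints "Pinging NAME [ADDR] with" for a name, "Pinging ADDR with" for an IP.
PING_HEADER = re.compile(r"^Pinging (\S+)(?: \[([0-9.]+)\])? with", re.M)

def analyse(transcript, remote_net):
    """Classify every ping in a Windows ping transcript against the remote subnet."""
    net = ipaddress.ip_network(remote_net)
    headers = list(PING_HEADER.finditer(transcript))
    findings = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(transcript)
        replies = transcript[m.end():end].count("Reply from")
        target, resolved = m.group(1), m.group(2)
        try:
            addr = ipaddress.ip_address(resolved or target)
        except ValueError:
            continue  # no usable address on this header line
        if addr.is_link_local:
            verdict = "link-local"    # name maps to 169.254.0.0/16: fix resolution
        elif addr not in net:
            verdict = "wrong-subnet"  # name maps to some other host
        elif replies == 0:
            verdict = "unreachable"   # right address, no answer: check routing/VPN
        else:
            verdict = "ok"
        findings.append({"target": target, "address": str(addr),
                         "by_name": resolved is not None,
                         "replies": replies, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in analyse(TRANSCRIPT, "192.168.10.0/24"):  # /24 mask is an assumption
        print(f)
```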
 

Author Comment

by:abbijade97
That worked. I am pinging from 192.168.1.4 (server.2003) to 192.168.10.4 (server).

If I ping server I now get a reply from server (192.168.10.254).
0
 
LVL 4

Expert Comment

by:tomo999
Ok, now try and set up the trust.
0
 

Author Comment

by:abbijade97
Did do and it worked. While I am being cheeky, the other question is: from server-2003, now that it is working, I browse the network and see the other domain. I click on the other domain and see all the computers, and when I click on server, which contains data, it says I don't have permission.

How do I give users from one domain access to that folder via user manager?
0
 
LVL 4

Expert Comment

by:tomo999
Now the trust is in place, you can add users and groups from the other domain into Share/NTFS permissions on the other domain.

Try creating a new folder and share and allow users from the other domain access.
0
