Solved

Setting up a trust between two domains

Posted on 2007-12-07
Last Modified: 2012-06-27
I am trying to create a trust between two domains. I have created a router-to-router VPN and can ping anything from either side via IP or by computer name.
I have no experience in this sort of thing and do the following:
1:\ New Trust
2:\ Type in the name of the domain
3:\ External Trust
4:\ Two-Way
5:\ Both this domain and the specified domain
6:\ Enter Username and Password (I have created an identical user and password with admin rights on both domains)
7:\ Domain-wide Authentication

The trusted relationship cannot be created because the following errors occurred:-
The operation failed. The Error is:- The server is not operational.

WHAT AM I DOING WRONG ?



Question by:abbijade97
11 Comments
 
LVL 4

Expert Comment

by:tomo999
ID: 20426761
Can you resolve the IP address of the other domain controller by name?
0
 

Author Comment

by:abbijade97
ID: 20427053
Site1
Server-2003 IP 192.168.1.4

Site2
server IP 192.168.10.254

From Site 2
ping server-2003 (get reply 192.168.1.4)

From site 1
ping server (Request timed out 169.254.73.50)
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20427144
It looks like a name resolution issue. Have you got DNS installed on these servers?

As a test, you could try adding an entry for "Server" in the local HOST file on "Server-2003".

Try and get the name resolution in place before trying to create the trust again.
0

 

Author Comment

by:abbijade97
ID: 20427194
Thanks, is that by going to DNS / forward lookup zone / domain / add an A record?
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20427260
You can use DNS zone forwarding to forward all requests for the other domain to the relevant DC.

Do this on both DCs:
Open the DNS console on the DC, right-click the server name and choose "Properties". Then click on "Forwarders". Click the "New" button, enter the full name of the other domain (e.g. microsoft.com), click OK, enter the IP address of the other DC into the "Selected Domain's Forwarder IP Address List" field and click "Add".

http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm

Then you should be able to ping computers in the other domain by their FQDN.
0
 

Author Comment

by:abbijade97
ID: 20427453
Hi, I have done that, but from "server-2003" I ping "server" and get:

C:\Documents and Settings\Administrator>ping 192.168.10.254
Pinging 192.168.10.254 with 32 bytes of data:
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=49ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126

Ping statistics for 192.168.10.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms

C:\Documents and Settings\Administrator>ping server

Pinging server [169.254.73.50] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 169.254.73.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I have no idea what 169.254.73.50 is?
Also, one of the domains is for example "xxxx.com" and the other is "xxx.local", if that helps.

As you can see, I am not very good with DNS.
0
 
LVL 4

Accepted Solution

by:
tomo999 earned 500 total points
ID: 20427840
The IP address 169.254.73.50 is from an address range that Microsoft owns. It is normally used when a machine cannot get an IP address from a DHCP server - Not really applicable here.

Have you tried adding an entry for "Server" into the "c:\WINDOWS\system32\drivers\etc\hosts" file on "Server-2003"? Just temporarily while we get this sorted?

Which machine are you doing the ping from?
0
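A scripted form of the name-resolution check discussed in the comments above, as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later on the domain controller; the domain name, host name and IP address are placeholders modelled on the values quoted in the thread. It goes one step beyond the ping test by also querying the DC locator SRV record for the other domain.

```powershell
# Added example: run on each DC before creating the trust.
# Placeholder values modelled on the thread; replace with your own.
$RemoteDomain = 'xxx.local'        # DNS name of the other domain (placeholder)
$RemoteDcName = 'server'           # short name of the other DC
$ExpectedIp   = '192.168.10.254'   # address the other DC should resolve to

function Test-DcResolution {
    param([string]$Name, [string]$Expected)

    # Uses the system resolver (hosts file, DNS suffixes, NetBIOS),
    # the same lookup path that ping uses for a bare host name.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($Name)
    } catch {
        return "FAIL: '$Name' does not resolve"
    }

    $v4 = @($addrs |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        ForEach-Object { $_.ToString() })

    # 169.254.0.0/16 is the IPv4 link-local (APIPA) range. It is never
    # routed across a VPN, so a DC name resolving there is unreachable.
    $linkLocal = @($v4 | Where-Object { $_ -like '169.254.*' })
    if ($linkLocal.Count -gt 0) {
        return "FAIL: '$Name' resolves to link-local $($linkLocal -join ', ')"
    }
    if ($v4 -notcontains $Expected) {
        return "WARN: '$Name' resolves to $($v4 -join ', '), expected $Expected"
    }
    return "OK: '$Name' resolves to $Expected"
}

# Check both the short name and the fully qualified name.
Test-DcResolution -Name $RemoteDcName -Expected $ExpectedIp
Test-DcResolution -Name "$RemoteDcName.$RemoteDomain" -Expected $ExpectedIp

# The DC locator SRV record must resolve through DNS as well.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$RemoteDomain"
```

A hosts-file entry makes the first check pass but does nothing for the SRV lookup, which only succeeds once DNS for the other domain is reachable from this server.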
 

Author Comment

by:abbijade97
ID: 20427977
That worked. I am pinging from 192.168.1.4 (server.2003) to 192.168.10.4 (server).

If I ping server I now get a reply from server (192.168.10.254).
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20428199
Ok, now try and set up the trust.
0
 

Author Comment

by:abbijade97
ID: 20428248
Did that and it worked. While I am being cheeky, the other question is: from server-2003, now it is working, I browse the network and see the other domain. I click on the other domain and see all the computers, and click on server, which contains data, and it says I don't have permission.

How do I give users from one domain access to that folder via user manager ?
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20428309
Now the trust is in place, you can add users and groups from the other domain into Share/NTFS permissions on the other domain.

Try creating a new folder and share and allow users from the other domain access.
0

Question has a verified solution.
