Solved

Setting up a trust between two domains

Posted on 2007-12-07
Last Modified: 2012-06-27
I am trying to create a trust between two domains. I have created a router-to-router VPN and can ping anything from either side via IP or by computer name.
I have no experience in this sort of thing and do the following:
1:\ New Trust
2:\ Type in the name of the domain
3:\ External Trust
4:\ Two-Way
5:\ Both this domain and the specified domain
6:\ Enter Username and Password (I have created an identical user and password with admin rights on both domains)
7:\ Domain-wide Authentication

The trusted relationship cannot be created because the following errors occurred:-
The operation failed. The Error is:- The server is not operational.

WHAT AM I DOING WRONG ?



Question by:abbijade97
11 Comments
 
LVL 4

Expert Comment

by:tomo999
ID: 20426761
Can you resolve the IP address of the other domain controller by name?
0
 

Author Comment

by:abbijade97
ID: 20427053
Site1
Server-2003 IP 192.168.1.4

Site2
server IP 192.168.10.254

From Site 2
ping server-2003 (get reply 192.168.1.4)

From site 1
ping server (Request timed out 169.254.73.50)
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20427144
It looks like a name resolution issue. Have you got DNS installed on these servers?

As a test, you could try adding an entry for "Server" in the local HOST file on "Server-2003".

Try and get the name resolution in place before trying to create the trust again.
0
 

Author Comment

by:abbijade97
ID: 20427194
Thanks, is that by going to DNS / Forward Lookup Zone / domain / add an A record?
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20427260
You can use DNS zone forwarding to forward all requests for the other domain to the relevant DC.

Do this on both DCs;
Open the DNS console on the DC, right-click the server name and choose "Properties". Then click on "Forwarders". Click the "New" button, enter the full name of the other domain (e.g. microsoft.com), click OK, then enter the IP address of the other DC into the "Selected Domain's Forwarder IP Address List" field and click "Add".

http://www.petri.co.il/install_and_configure_windows_2003_dns_server.htm

Then you should be able to ping computers in the other domain by their FQDN.
0
 

Author Comment

by:abbijade97
ID: 20427453
Hi, have done that, but from "server-2003" I ping "server" and get

C:\Documents and Settings\Administrator>ping 192.168.10.254
Pinging 192.168.10.254 with 32 bytes of data:
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=49ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126
Reply from 192.168.10.254: bytes=32 time=48ms TTL=126

Ping statistics for 192.168.10.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms

C:\Documents and Settings\Administrator>ping server

Pinging server [169.254.73.50] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 169.254.73.50:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

I have no idea what 169.254.73.50 is?
Also, one of the domains is, for example, "xxxx.com" and the other is "xxx.local", if that helps.

As you can see, I am not very good with DNS.
0
 
LVL 4

Accepted Solution

by:
tomo999 earned 500 total points
ID: 20427840
The IP address 169.254.73.50 is from an address range that Microsoft owns. It is normally used when a machine cannot get an IP address from a DHCP server - Not really applicable here.

Have you tried adding an entry for "Server" into the "c:\WINDOWS\system32\drivers\etc\hosts" file on "Server-2003"? Just temporarily while we get this sorted?

Which machine are you doing the ping from?
0
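A pre-flight check for the name-resolution failure diagnosed in this thread, as an added example that is not part of the original posts: it flags a DC name that resolves into the link-local (APIPA) range 169.254.0.0/16, checks that the other domain's DC locator SRV record resolves, and tests LDAP reachability. The domain and DC names are placeholders, and `Resolve-DnsName` and `Test-NetConnection` assume Windows Server 2012 or later.

```powershell
# Added example: name-resolution pre-check to run on each DC before creating the trust.
# $RemoteDomain and $RemoteDc are placeholders (assumptions); the thread masks the real names.
param(
    [string]$RemoteDomain = 'xxx.local',
    [string]$RemoteDc     = 'server.xxx.local'
)

function Test-LinkLocal {
    # True for 169.254.0.0/16, the self-assigned range seen in the ping output above.
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    return ($b.Length -eq 4 -and $b[0] -eq 169 -and $b[1] -eq 254)
}

$problems = @()

# 1. The DC name must resolve, and only to addresses that are routable across the VPN.
try {
    $addrs = @([System.Net.Dns]::GetHostAddresses($RemoteDc))
} catch {
    $addrs = @()
    $problems += "Cannot resolve $RemoteDc"
}
foreach ($a in $addrs) {
    if (Test-LinkLocal $a) {
        $problems += "$RemoteDc resolves to link-local address $a (stale or self-assigned record)"
    }
}

# 2. DC location for a DNS domain name relies on SRV records, so a hosts entry is only a stopgap.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    $problems += "No SRV record for $srvName (check the forwarder for $RemoteDomain)"
}

# 3. LDAP (TCP 389) must be reachable on every routable address of the DC.
$routable = @($addrs | Where-Object { -not (Test-LinkLocal $_) })
foreach ($a in $routable) {
    $t = Test-NetConnection -ComputerName $a.IPAddressToString -Port 389 -WarningAction SilentlyContinue
    if (-not $t.TcpTestSucceeded) { $problems += "TCP 389 not reachable on $a" }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Name resolution for $RemoteDomain looks ready for trust creation." }
```

A clean run from both DCs means the temporary hosts entry can be removed before the trust is created, so the trust does not depend on a file that will silently go stale.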
 

Author Comment

by:abbijade97
ID: 20427977
That worked, I am pinging from 192.168.1.4 (server.2003) to 192.168.10.4 (server).

If I ping server I now get a reply from server (192.168.10.254).
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20428199
Ok, now try and set up the trust.
0
 

Author Comment

by:abbijade97
ID: 20428248
Did so and it worked. While I am being cheeky, the other question is: from server-2003, now it is working, I browse the network and see the other domain, I click on the other domain and see all the computers and click on server, which contains data, and it says I don't have permission.

How do I give users from one domain access to that folder via user manager?
0
 
LVL 4

Expert Comment

by:tomo999
ID: 20428309
Now the trust is in place, you can add users and groups from the other domain into Share/NTFS permissions on the other domain.

Try creating a new folder and share and allow users from the other domain access.
0
