Unable to login from Member server to Trusted domain

Posted on 2009-12-27
Last Modified: 2012-05-08
Hi,

We have two domains (A, B) in different forests.
All systems are Windows 2003 SP2.
I created a one-way trust between A and B: B trusts A, so all resources in B can be accessed by users in A.
I opened the ports below between the domain controllers only.

Here is the problem:

Unable to log in to a member server of Domain B using a user of Domain A.
Unable to browse the user list of Domain A from a member server of Domain B.

I haven't opened any ports from this member server to the DCs of Domain A.

Do I need to open any ports from the member server of Domain B to the DCs of Domain A?

Error:
The specified domain either does not exist or could not be contacted..

Thanks in advance,

Question by:Peddu_bhanu

    Expert Comment

    by:Henrik Johansson
    Can you validate the trust on the DC?

    How is DNS configured?
    Is conditional forwarding configured on the local DNS so it can resolve the other domain?

    As you opened the RPC port mapper (135), you also need to open the dynamic ports.
    If you want to minimize the number of dynamic ports, it can be done on the server side as described in
    You're missing the GC ports (3268, 3269). See KB for list of necessary ports

    Author Comment

    Hi Henjoh09,

    Trust validation is good; I am able to validate the trust.

    DNS is also working fine. I enabled forwards between the domains.
    I used Wireshark to check DNS queries and it's working fine.

    One more thing: I am able to log in to the DC of Domain B using a user of Domain A.

    The problem here is only with member servers.

    Do I need to open any ports between the member server of Domain B and the DC of Domain A?
    If so, what are those ports?


    Accepted Solution

    Kerberos port 88 needs to be open from the client/member server to the DC.
    See the table at the end of the following TechNet article for how to configure firewall rules for the different areas of action in the trust.

    Author Comment

    Thank you for this info. I think it will help me.

    I will update you once I implement this.


    Expert Comment

    Can you telnet to the port below from domain A to domain B?
    Check whether there is any firewall that is dropping logon packets.
    Since you are not able to browse users, open the LDAP (389) as well as the GC (3268) port on the member server.
    Try opening all the ports on the member server and see if it works.
    You can use netstat -abnov or a port monitor to see the list of ports in use.
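
The per-port telnet checks suggested in this thread can be scripted and run from the Domain B member server. This is an added example, not part of any post above: the DC host name is a placeholder, it tests TCP only, and it does not cover the dynamic RPC ports.

```powershell
# Added example. Ports are the ones named in this thread; TCP only.
# The dynamic RPC ports mentioned above are not checked here.
$Ports = @{
    88   = 'Kerberos'
    135  = 'RPC port mapper'
    389  = 'LDAP'
    3268 = 'GC'
    3269 = 'GC'
}

# Placeholder name: replace with a DC of the trusted domain (Domain A).
$Dc = 'dc1.domain-a.example'

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so that a silently dropped SYN does not
        # block for the full OS connect timeout.
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No reply at all within the timeout: typical of a firewall drop.
            return 'no answer (timed out)'
        }
        # Throws if the connection was refused or the name did not resolve.
        $client.EndConnect($async)
        return 'open'
    }
    catch {
        return 'failed: ' + $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
}

foreach ($port in ($Ports.Keys | Sort-Object)) {
    $result = Test-TcpPort -Server $Dc -Port $port
    '{0,-5} {1,-16} {2}' -f $port, $Ports[$port], $result
}
```

A timeout points to a device silently dropping the traffic, while a refusal means the host was reached but nothing is listening on that port.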
