Unable to login from Member server to Trusted domain

Hi,

We have two domains (A, B) in different forests.
All systems are Windows 2003 SP2.
I created a one-way trust between A and B: B trusts A, so all resources in B can be accessed by users in A.
I opened the ports below between the domain controllers only:
135, 137, 139, 445, 389, 636, 53, 88


Here is the problem,

Unable to log in to a member server of domain B using a user of domain A.
Unable to browse the user list of domain A from a member server of domain B.

I haven't opened any ports from this member server to the DCs of domain A.

Do I need to open any ports from the member server of domain B to the DCs of domain A?

Error:
The specified domain either does not exist or could not be contacted.

Thanks in advance,
Bhanu


Asked by Peddu_bhanu
Henrik Johansson, Systems engineer, commented:
Kerberos port 88 needs to be open from the client/member server to the DC.
See the table at the end of the following TechNet article for how to configure firewall rules for the different areas of action in the trust.
http://technet.microsoft.com/en-us/library/cc756944(WS.10).aspx
Henrik Johansson, Systems engineer, commented:
Can you validate the trust on the DC?

How is DNS configured?
Is conditional forwarding configured on the local DNS so it can resolve the other domain?

As you opened the RPC port mapper (135), you also need to open the dynamic ports.
If you want to minimize the number of dynamic ports, it can be done on the server side as described in http://support.microsoft.com/kb/154596
You're missing the GC ports (3268, 3269). See the KB for the list of necessary ports:
http://support.microsoft.com/kb/179442
Peddu_bhanu (author) commented:
Hi Henjoh09,

Trust validation is good; I am able to validate the trust.

DNS is also working fine; I enabled forwarders between the domains.
I used Wireshark to check the DNS queries and they are working fine.

One more thing: I am able to log in to the DC of domain B using a user of domain A.

The problem here is only with member servers.

Do I need to open any ports between the member server of domain B and the DC of domain A?
If so, what are those ports?

Regards,
Bhanu
Peddu_bhanu (author) commented:
Thank you for this info. I think it will help me.

I will update you once I implement this.


Regards,
Bhanu
Awinish commented:
Can you telnet to the ports below from domain A to domain B?
Check whether there is any firewall which is dropping logon packets.
Since you are not able to browse users, open LDAP (389) as well as the GC (3268) port on the member server.
Give it a try opening all the ports on the member server and see if it works.
You can use netstat -abnov to see the list of ports utilized, or Port Monitor.
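The answers above boil down to one check: from the domain B member server itself, can every port a cross-forest logon needs be reached on the domain A DCs? The following PowerShell script is an added example, not code from the thread or from Microsoft, that runs that check from the member server. The DC names are placeholders (assumptions), the port list is the set discussed in the thread (Kerberos 88, LDAP 389/636, GC 3268/3269, SMB 445, RPC endpoint mapper 135, DNS 53), and it tests TCP only; Kerberos and DNS also use UDP, and the RPC dynamic range must be open too (1025-5000 on Windows Server 2003, 49152-65535 on 2008 and later), which a single-port probe cannot prove.

```powershell
# Added example (not from the original thread): probe the TCP ports a member
# server in domain B needs on the DCs of trusted domain A.
# Assumptions: the DC names are placeholders; the port list follows the thread
# (KB 179442 / TechNet cc756944); TCP only, so UDP 53/88 and the RPC dynamic
# range still have to be opened separately. Needs PowerShell 3.0+ for [pscustomobject].
param(
    [string[]]$TrustedDcs = @('dc1.domain-a.example', 'dc2.domain-a.example'),  # assumption
    [int]$TimeoutMs = 2000
)

# Static ports a member server must reach on a trusted-domain DC.
$RequiredPorts = @{
    53   = 'DNS (resolving the trusted domain and its DC SRV records)'
    88   = 'Kerberos (authenticating Domain A users)'
    135  = 'RPC endpoint mapper (Netlogon/SAM; dynamic RPC ports needed as well)'
    389  = 'LDAP (directory lookups, browsing users and groups)'
    445  = 'SMB (Netlogon secure channel, group policy)'
    636  = 'LDAP over SSL'
    3268 = 'Global Catalog LDAP (cross-forest object lookups)'
    3269 = 'Global Catalog LDAP over SSL'
}

# TCP connect test with a timeout; a firewall that silently drops packets
# shows up as a timeout rather than a refusal, so both count as unreachable.
function Test-TcpPort {
    param([string]$Computer, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $TrustedDcs) {
    foreach ($port in ($RequiredPorts.Keys | Sort-Object)) {
        [pscustomobject]@{
            DC        = $dc
            Port      = $port
            Service   = $RequiredPorts[$port]
            Reachable = Test-TcpPort -Computer $dc -Port $port -TimeoutMs $TimeoutMs
        }
    }
}

$results | Format-Table -AutoSize

# List what still has to be opened from this member server to the Domain A DCs.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    'Blocked (open these from this member server to the Domain A DCs):'
    $blocked | ForEach-Object { '  {0}:{1}  {2}' -f $_.DC, $_.Port, $_.Service }
} else {
    'All listed TCP ports reachable; check UDP 53/88 and the RPC dynamic range next.'
}

# Once the ports are open, confirm the member server can actually locate a
# Domain A DC (DOMAIN-A is a placeholder for the trusted NetBIOS/DNS name):
#   nltest /dsgetdc:DOMAIN-A /force
```

Run it as a local administrator on the domain B member server, not on a domain B DC: the thread's symptom (logon works on the DC but not on member servers) is exactly what a DC-to-DC-only firewall rule produces, because the member server contacts the trusted domain's DCs directly for Kerberos and LDAP rather than relaying through its own DC. A port that times out here is the one to add to the firewall rule for the member server.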