asuring
Creating a 2 way trust from a 2003 domain
I'm in the middle of creating a two-way, Transitive, Forest level trust between a 2008 R2 domain (corp.xyz.com) and a 2003 domain (123.com).
From both the 2003 domain and the 2008 R2 domain I have DNS properly forwarding to each other via conditional forwarders, updating correctly and able to ping each other by both IP and FQDN. No firewalls and no ports are being blocked.
From corp.xyz.com I am able to successfully create the trust to 123.com w/o any errors. (At this point I haven't set up the trust on the 2003 domain yet, so I can't validate it yet.)
From 123.com I go to create the trust and I am unable to add it. The error I'm getting is "The new trust wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network or other problems are preventing connection".
Troubleshooting I've performed:
From corp.xyz.com domain I can see 123.com's AD resources.
nltest /dsgetdc:corp.xyz.com /force
result: DsGetDcName failed: Status- 1355 0x54b ERROR_NO_SUCH_DOMAIN
I also tried to add the trust via command line without any luck, and the only errors I'm seeing in the event logs are "The session setup from the dc2008servername failed to authenticate. The following error occured: Access is denied".
Any idea what I may be overlooking here? I'd be happy to do any troubleshooting you may need.
Regards-
ASKER
I thought about that after I submitted this question, tested it but the problem's still there. Same issues.
It's purely a DNS issue; you have to ping corp.xyz.com from 123.com and check that you are able to telnet to the DNS as well as the LDAP and GC ports.
Check nslookup too.
Is the ID used in both a member of administrator, enterprise admin, domain?
Just check the link below.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4520ad76-6514-4155-aa12-11b73c7b5bcc
ASKER
I verified that the appropriate ports are open (the subnets are routed and do not have a firewall between them), nslookup works no problem, DNS is configured as a secondary domain and is replicating w/o errors, I can telnet to all needed ports, and the account used has the appropriate permissions as well. Still no luck on this end. Other ideas?
I've tested and retested every DNS and connectivity test I could think of and everything seems ok.
ASKER CERTIFIED SOLUTION
Example: DOMAIN1 has a secondary DNS zone of DOMAIN2 and vice-versa.
This will solve your DNS resolution problems and you will build a TRUST properly.
Anything else, let me know.
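The checks discussed in this thread (nslookup, the DNS, LDAP and GC ports, and nltest), gathered into one script as an added example that is not from any poster. It assumes Windows PowerShell 2.0 or later on a DC in 123.com; the `Test-TcpPort` helper and the extra ports (88, 135, 445) are assumptions, not something the thread names.

```powershell
# Added example: run from a DC in 123.com to verify what the DC locator needs
# before retrying the trust wizard. Domain name is the one from the question.
$TargetDomain = 'corp.xyz.com'
# DNS, LDAP and GC are named in the thread; 88, 135 and 445 are assumed extras.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC'; 389 = 'LDAP'; 445 = 'SMB'; 3268 = 'GC' }

# Hypothetical helper: TCP connect with a timeout, instead of telnet by hand.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. The DC locator finds domain controllers through this SRV record, so a
#    plain A-record ping succeeding does not prove the locator can work.
$srvName = "_ldap._tcp.dc._msdcs.$TargetDomain"
$lookup  = nslookup -type=SRV $srvName 2>&1 | Out-String
$dcHosts = [regex]::Matches($lookup, 'svr hostname\s*=\s*(\S+)') |
    ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique

if (-not $dcHosts) {
    Write-Output "No SRV record returned for $srvName; fix DNS before retrying the trust."
    return
}

# 2. Every DC advertised in DNS must accept connections on the listed ports.
foreach ($dc in $dcHosts) {
    foreach ($port in ($Ports.Keys | Sort-Object)) {
        $ok = Test-TcpPort -ComputerName $dc -Port $port
        "{0,-30} {1,-8} tcp/{2,-5} {3}" -f $dc, $Ports[$port], $port, $(if ($ok) { 'open' } else { 'FAILED' })
    }
}

# 3. Repeat the locator query from the question once DNS and ports check out.
nltest "/dsgetdc:$TargetDomain" /force
```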