Creating a 2 way trust from a 2003 domain

I'm in the middle of creating a two-way, Transitive, Forest level trust between a 2008 R2 domain (corp.xyz.com) and a 2003 domain (123.com).

From both the 2003 Domain and 2008 R2 domain I have DNS properly forwarding to each other VIA conditional forwarders, updating correctly and able to ping each other by both ip and FQDN.  No firewalls and no ports are being blocked.

From the corp.xyz.com I am able to successfully create the trust to 123.com w/o any errors. (At this point I haven't setup the trust on the 2003 domain yet so I can't validate it yet)

From the 123.com I go to create the trust and I am unable to add it. The error I'm getting is "The new trust wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network  or other problems are preventing connection"

Troubleshooting I've performed:

From corp.xyz.com domain I can see 123.com's AD resources.

nltest /dsgetdc:corp.xyz.com /force
result: DsGetDcName failed: Status- 1355 0x54b ERROR_NO_SUCH_DOMAIN

I also tried to add the trust via command line with out any luck and the only errors I'm seeing in the event logs are "The session setup from the dc2008servername failed to authenticate. The following error occured: Access is denied"

Any idea what I may be over looking here? I'd be happy to do any troubleshooting you may need.

Regards-
asuringAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmonPereiraCommented:
Have you tried to create a secondary zone into your loca DNS server?

Example: DOMAIN1 has a secondary DNS zone of DOMAIN2 and vice-versa.

This will solve your DNS resolutions problems and you will build a TRUST properly.

Anything else. let me know.
0
asuringAuthor Commented:

I thought about that after I submitted this question, tested it but the problem's still there. Same issues.
0
AwinishCommented:
Its purely a dns issue,you have to ping corp.xyz.com from 123.com & check you are able to telnet dns as well as ldap n GC port.

Check nslookup too.


Is id used in both are member of administrator,enterprise admin,domain?


Just chk below link.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4520ad76-6514-4155-aa12-11b73c7b5bcc
0
asuringAuthor Commented:
I verified that the appropriate ports are open, (the subnets are routed and do not have a firewall between them) nslookup works no problem, DNS is configured as a secondary domain and are replicating w/o errors, I can telnet to all needed ports, and the account used has the appropriate permissions as well. Still no luck on this end. Other idea's?

I've tested and retested every DNS and connectivity test I could think of and everything seems ok.
0
asuringAuthor Commented:
*Update-

After some head scratching I decided to start over from scratch. I rebuilt the DNS server on the 2003 domain and everything worked. Not sure what happened or why but I was able to setup the trust between the two domains.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.