Creating a 2 way trust from a 2003 domain

I'm in the middle of creating a two-way, Transitive, Forest level trust between a 2008 R2 domain ( and a 2003 domain (

From both the 2003 Domain and 2008 R2 domain I have DNS properly forwarding to each other VIA conditional forwarders, updating correctly and able to ping each other by both ip and FQDN.  No firewalls and no ports are being blocked.

From the I am able to successfully create the trust to w/o any errors. (At this point I haven't setup the trust on the 2003 domain yet so I can't validate it yet)

From the I go to create the trust and I am unable to add it. The error I'm getting is "The new trust wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network  or other problems are preventing connection"

Troubleshooting I've performed:

From domain I can see's AD resources.

nltest / /force
result: DsGetDcName failed: Status- 1355 0x54b ERROR_NO_SUCH_DOMAIN

I also tried to add the trust via command line with out any luck and the only errors I'm seeing in the event logs are "The session setup from the dc2008servername failed to authenticate. The following error occured: Access is denied"

Any idea what I may be over looking here? I'd be happy to do any troubleshooting you may need.

Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

asuringConnect With a Mentor Author Commented:

After some head scratching I decided to start over from scratch. I rebuilt the DNS server on the 2003 domain and everything worked. Not sure what happened or why but I was able to setup the trust between the two domains.
Have you tried to create a secondary zone into your loca DNS server?

Example: DOMAIN1 has a secondary DNS zone of DOMAIN2 and vice-versa.

This will solve your DNS resolutions problems and you will build a TRUST properly.

Anything else. let me know.
asuringAuthor Commented:

I thought about that after I submitted this question, tested it but the problem's still there. Same issues.
Its purely a dns issue,you have to ping from & check you are able to telnet dns as well as ldap n GC port.

Check nslookup too.

Is id used in both are member of administrator,enterprise admin,domain?

Just chk below link.
asuringAuthor Commented:
I verified that the appropriate ports are open, (the subnets are routed and do not have a firewall between them) nslookup works no problem, DNS is configured as a secondary domain and are replicating w/o errors, I can telnet to all needed ports, and the account used has the appropriate permissions as well. Still no luck on this end. Other idea's?

I've tested and retested every DNS and connectivity test I could think of and everything seems ok.
All Courses

From novice to tech pro — start learning today.