I'm in the middle of creating a two-way, transitive, forest-level trust between a 2008 R2 domain (corp.xyz.com) and a 2003 domain (123.com).
From both the 2003 domain and the 2008 R2 domain I have DNS properly forwarding to each other via conditional forwarders, updating correctly, and the domains are able to ping each other by both IP and FQDN. No firewalls and no ports are being blocked.
From corp.xyz.com I am able to successfully create the trust to 123.com w/o any errors. (At this point I haven't set up the trust on the 2003 domain, so I can't validate it yet.)
From 123.com I go to create the trust and I am unable to add it. The error I'm getting is "The new trust wizard cannot continue because the specified domain cannot be contacted. Either the domain does not exist, or network or other problems are preventing connection".
Troubleshooting I've performed:
From the corp.xyz.com domain I can see 123.com's AD resources.
nltest /dsgetdc:corp.xyz.com /force
result: DsGetDcName failed: Status- 1355 0x54b ERROR_NO_SUCH_DOMAIN
I also tried to add the trust via the command line without any luck, and the only errors I'm seeing in the event logs are "The session setup from the dc2008servername failed to authenticate. The following error occurred: Access is denied".
Any idea what I may be overlooking here? I'd be happy to do any troubleshooting you may need.