Trusts - Windows 2003 to Windows 2003/2008 Domain

I have 2 different domains that I have linked via IPSec VPN.

I have added DNS Suffix searches to each domain and have created secondary DNS servers in each respective domain.

From Domain1.Local I can ping all machines in Domain2.Local and vice-versa.

From Domain1.Local I can create a trust to Domain2.Local

From Domain2.Local I get the following message "The name you specified is not a valid Windows domain name."  When I try and create the trust back to Domain1.Local.

Both are running Windows Server 2003 Domain Functional Level and both are running Windows 2003 Forest Functional Level.

Who is Participating?
RJLemonAuthor Commented:
It seems that my DNS forward zones did not have the correct DNS servers in the name servers tab.  There were a couple of old machines still listed here but some of the new ones were missing.

I also noticed that my secondary zone was missing from a couple of the DNS servers so I added it and now it works.

Thanks for the help.
Glen KnightCommented:
Mike KlineCommented:
From domain2  do these succeed

Nslookup domain1.local  (should return IPs for domain1)

Nltest /dsgetdc: domain1.local (should return a DC)

Nslookup _ldap._tcp.pdc._domain1.local

Did the creation/transfer of the secondary zone for domain1 work ok?

Any firewalls between the domains?


Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Just a query, you mention that both the Domains are 2003, then why are you trying to create one way trusts ?
Does it not allow you to create 2 way trusts from Domain 1 and then Validate the trust at Both Domain 1 and Domain 2 ?
After creation of the secondary zones on both the DNS servers, do the zones load fine or are they giving issues ?

Basic steps that i would follow considering that IPSEC over VPN is set to full trust between the IP Segments are as follows:
1) Create Secondary Zone for Domain 1 on Domain 2 DNS server and vice versa.
2) Check if the FQDN of both the Domains are reachable from the other domain.
3) From one Domain create a 2 way trust between both the domains and validate the Trusts at both the Domains.
RJLemonAuthor Commented:
From Domain 1

 nslookup returns domain2.local and its 4 DNS addresses (the DNS servers in domain 2 are dual homed)
 nltest returns 0x54b Error_No_Such_Domain

From Domain 2

 nslookup returns domain1.local and its DNS address
 nltest returns information about my DC

I can ping all machine in either domain from either domain and I can see entries in the forward and reverse zones for both domains on all DNS servers.

Both sites have pfSense firewalls.  This is what is running the IPSec VPN connection.
RJLemonAuthor Commented:
I have created secondary zones on both sides and all seems to be fine in that area.

Results for resolving domains in both ways are above.  One direction works the other does not.

The reason for 1 way trusts is I need to verify users from one domain into the other but I can NOT under any circumstances allow anthing to go the other way.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.