Trusts - Windows 2003 to Windows 2003/2008 Domain

I have 2 different domains that I have linked via IPSec VPN.

I have added DNS Suffix searches to each domain and have created secondary DNS servers in each respective domain.

From Domain1.Local I can ping all machines in Domain2.Local and vice-versa.

From Domain1.Local I can create a trust to Domain2.Local

From Domain2.Local I get the following message when I try to create the trust back to Domain1.Local: "The name you specified is not a valid Windows domain name."

Both are running Windows Server 2003 Domain Functional Level and both are running Windows 2003 Forest Functional Level.


Glen Knight Commented:
Mike Kline Commented:
From domain2, do these succeed?

Nslookup domain1.local  (should return IPs for domain1)

nltest /dsgetdc:domain1.local (should return a DC)

nslookup -type=SRV _ldap._tcp.pdc._msdcs.domain1.local (the PDC locator record; should return a DC host name)

Did the creation/transfer of the secondary zone for domain1 work ok?

Any firewalls between the domains?


Just a query: you mention that both the domains are 2003, so why are you trying to create one-way trusts?
Does it not allow you to create a two-way trust from Domain 1 and then validate the trust at both Domain 1 and Domain 2?
After creation of the secondary zones on both DNS servers, do the zones load fine or are they giving issues?

Basic steps that I would follow, assuming the IPsec VPN is set to allow full traffic between the IP segments, are as follows:
1) Create a secondary zone for Domain 1 on the Domain 2 DNS server and vice versa.
2) Check that the FQDNs of both domains are reachable from the other domain.
3) From one domain create a two-way trust between both domains and validate the trust at both domains.
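A script form of the lookups suggested above, extended to the stale name-server problem the author eventually found; this is an added example, not code from anyone in this thread. It assumes a current Windows host with the DnsClient module (Resolve-DnsName) and nltest.exe, and that `$Domain` is the remote domain as seen from the side where trust creation fails.

```powershell
# Added example: check that a remote AD domain's DNS zone is trust-ready
# from this side. Every NS the zone advertises must resolve and must answer
# for the PDC locator SRV record; stale NS entries break trust creation.
function Test-TrustDns {
    param([Parameter(Mandatory)][string]$Domain)

    $report = [ordered]@{ Domain = $Domain; NameServers = @(); Problems = @() }

    # 1. Plain lookup of the domain name (the first check in the thread).
    $a = Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue
    if (-not $a) { $report.Problems += "No A record for $Domain" }

    # 2. Walk the NS records of the zone. Each listed server must have an
    #    address and must hand back the PDC locator record when asked directly.
    $ns = Resolve-DnsName -Name $Domain -Type NS -ErrorAction SilentlyContinue |
          Where-Object { $_.QueryType -eq 'NS' }
    if (-not $ns) { $report.Problems += "No NS records for $Domain" }
    foreach ($rec in $ns) {
        $nsHost = $rec.NameHost
        $report.NameServers += $nsHost
        $ip = Resolve-DnsName -Name $nsHost -Type A -ErrorAction SilentlyContinue
        if (-not $ip) { $report.Problems += "NS $nsHost does not resolve"; continue }
        $srv = Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$Domain" -Type SRV `
                   -Server $nsHost -ErrorAction SilentlyContinue |
               Where-Object { $_.QueryType -eq 'SRV' }
        if (-not $srv) {
            $report.Problems += "NS $nsHost returns no PDC SRV record for $Domain"
        }
    }

    # 3. Locator check from the thread: can Netlogon find a DC for the domain?
    #    nltest exits non-zero on failure (e.g. 0x54b ERROR_NO_SUCH_DOMAIN).
    $out = & nltest.exe "/dsgetdc:$Domain" 2>&1
    if ($LASTEXITCODE -ne 0) {
        $report.Problems += "nltest /dsgetdc:$Domain failed: $($out -join ' ')"
    }

    [pscustomobject]$report
}

# Run from each side against the other domain; an empty Problems list on
# both sides is what you want before attempting the trust.
Test-TrustDns -Domain 'domain1.local' | Format-List
```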

RJLemon (Author) Commented:
From Domain 1

 nslookup returns domain2.local and its 4 DNS addresses (the DNS servers in domain 2 are dual homed)
 nltest returns 0x54b Error_No_Such_Domain

From Domain 2

 nslookup returns domain1.local and its DNS address
 nltest returns information about my DC

I can ping all machines in either domain from either domain, and I can see entries in the forward and reverse zones for both domains on all DNS servers.

Both sites have pfSense firewalls.  This is what is running the IPSec VPN connection.
RJLemon (Author) Commented:
I have created secondary zones on both sides and all seems to be fine in that area.

Results for resolving domains in both ways are above.  One direction works the other does not.

The reason for one-way trusts is that I need to verify users from one domain into the other, but I can NOT under any circumstances allow anything to go the other way.
RJLemon (Author) Commented:
It seems that my DNS forward zones did not have the correct DNS servers in the name servers tab.  There were a couple of old machines still listed here but some of the new ones were missing.

I also noticed that my secondary zone was missing from a couple of the DNS servers so I added it and now it works.

Thanks for the help.
