[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Trust only working one way.

Posted on 2010-08-23
10
Medium Priority
?
1,222 Views
Last Modified: 2012-05-10
We have a two way trust connecting two different domains. When using the ABC domain it gives us an error message about the RPC not able to contact the one domain controller on the other domain. When using the 123 domain it says it is working.

I can ping the host name and IP Address. I also used dcdiag on both domain servers and tested dns.

I did not test dcdiag on the domain controller that is not working, because it is not acting as a DNS server.

We have also restarted all servers involved.

Any thoughts?

Thanks!
0
Comment
Question by:EHS_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
10 Comments
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33501624
Is there a firewall between the DC's domain naming masters need to be able to communicate on the below ports but ideally all DC should be able to communicate.


RPC endpoint mapper 135/tcp, 135/udp
LSA RPC 42020/tcp
NetBIOS name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
LDAP 389/tcp+udp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
DNS 53/tcp, 53/udp
0
 
LVL 1

Author Comment

by:EHS_IT
ID: 33501637
We have a firewall, but i do not think there is an issue.

The abc domain can connect to another dc on 123 domain, just not the second dc. It does not make sense that one would work and the other would not.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33501651
Depends on the firewall rules, they key server here is the domain naming master btw as they maintain the trusts, is that role on the server you can communicate with? what happens when you try to verify the trust?

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:EHS_IT
ID: 33501662
When you verify the trust from abc domain it does not work. When you verify the trust from the 123 domain it says it is working fine.
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33501680
Then you need to check the firweall  for those ports to those server and for the roles on the servers. etc thats where you need to start looking.

Maybe some changed something? moved the roles? server problems (dc) etc?
0
 
LVL 1

Author Comment

by:EHS_IT
ID: 33501687
Ok. Will start looking around.
0
 
LVL 1

Author Comment

by:EHS_IT
ID: 33502002
I am still looking, but it just does not make sense that it was working Friday and we come in on Monday and it is not working. Nothing was done to the firewall all last week. Something was done about a week and a half or two weeks ago, but it was working until this morning.

Just does not make sense.

Still looking. Our firewall settings are a disaster from the people who originally set it up.
0
 
LVL 6

Accepted Solution

by:
guydemarco earned 2000 total points
ID: 33502296
0
 
LVL 1

Author Comment

by:EHS_IT
ID: 33502318
Will do, Thanks!
0
 
LVL 1

Author Comment

by:EHS_IT
ID: 33512537
I restarted the server last night and was able to validate the trusts both ways this morning. I am no longer getting the RPC error, but the one server on 123 domain still cant find the one server on the abc domain.

When i try to connect to a shared drive from 123 domain on abc domain it says: "The mapped network drive could not be connected because of the following err: Logon failure: The target account name is incorrect"



0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question