Active Directory trust communication issues...
Posted on 2010-09-02
I am having an issue with a trust relationship that I have created.
Overview of my network
2003 forest level
root domain (A) and child domain (B); FSMO roles within the datacentre (firewalled)
Domain controller for domain B (let's call it DC3) has been created at the remote site (for domain C) in the DMZ
RPC ports have been tied down to allow traffic through the firewall
Firewalled from domain B with the exception of the domain controller (noted as placed at the remote site)
The firewall is open between the PDC of domain C and the domain controller (DC3) on all ports, as RPC port settings have not been applied in domain C.
DNS zone transfers have been successfully set up between both domains
WINS replication taking place between domains.
An incoming trust has been established for domain C to trust domain B, but it appears to have since broken.
From domain C, the trust appears OK. I am told that the trust is valid and in place.
From domain B, I am told that the trust cannot be validated as 'There are no logon servers available to service the logon request'. The strange thing is that it attempts to validate the secure channel with a domain controller in domain C from which it is firewalled, rather than the PDC with which it is able to communicate.
Can anyone provide any help?
DC3 is able to communicate on standard AD ports (with RPC restricted) to the domain C subnets. The intention is to start refreshing desktop PCs in those subnets with the RPC
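The check a practitioner would run for the symptom above, added here as an example and not part of the original post: from the domain B controller that fails validation (DC3 in the post), list the domain C controllers that DC locator would return via the `_ldap._tcp.dc._msdcs.<domain>` SRV record, probe the well-known trust ports against each of them, and then ask Netlogon which DC it actually chose and whether the secure channel verifies. The domain name `domainc.example`, the optional list of preferred DCs and the port list are placeholders and assumptions, not values from the post; the dynamic RPC range the post says has been restricted is not probed and must be checked against the firewall rule set separately.

```powershell
#Requires -Version 3
# Added diagnostic example for the trust validation failure described in the post.
# Run on the domain B DC (DC3) that reports 'no logon servers available'.
# $TrustedDomain and $PreferredDcs are hypothetical placeholders.
param(
    [string]$TrustedDomain = 'domainc.example',   # assumption: DNS name of domain C
    [string[]]$PreferredDcs = @()                 # assumption: e.g. the domain C PDC FQDN
)

# Ports a trust secure channel and DC locator rely on, excluding the dynamic
# RPC range (assumed list): DNS, Kerberos, RPC endpoint mapper, LDAP, SMB,
# kpasswd and LDAPS.
$Ports = 53, 88, 135, 389, 445, 464, 636

function Get-DcLocatorCandidates {
    param([string]$Domain)
    # The SRV record DC locator consults when it picks a DC for a trusted domain.
    # Resolve-DnsName needs the DnsClient module (Windows 8 / Server 2012 or later).
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
        ForEach-Object {
            [pscustomobject]@{
                Host     = $_.NameTarget.TrimEnd('.')
                Priority = $_.Priority
                Weight   = $_.Weight
            }
        }
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    # Connect with a timeout so a firewall that silently drops packets does not
    # stall the whole scan; a refused connection throws in EndConnect.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-TrustPath {
    param([string]$Domain, [string[]]$ExtraHosts)
    $candidates = @(Get-DcLocatorCandidates -Domain $Domain)
    Write-Host "DC locator candidates for $Domain (priority/weight order):"
    $candidates | Format-Table -AutoSize | Out-String | Write-Host

    # Probe every advertised DC plus any DC we know the firewall allows, so the
    # output shows which candidates are reachable and which are blocked.
    $targets = @($candidates | ForEach-Object Host) + @($ExtraHosts | Where-Object { $_ }) |
        Select-Object -Unique
    foreach ($target in $targets) {
        $closed = @($Ports | Where-Object { -not (Test-TcpPort -ComputerName $target -Port $_) })
        $state = if ($closed.Count -eq 0) { 'reachable on all probed ports' }
                 else { "blocked on TCP $($closed -join ', ')" }
        Write-Host ("{0,-45} {1}" -f $target, $state)
    }

    # Ask Netlogon which DC it selected for the trusted domain, then verify the
    # secure channel; these are the operations behind the error quoted in the post.
    Write-Host "`n> nltest /dsgetdc:$Domain"
    nltest /dsgetdc:$Domain
    Write-Host "`n> nltest /sc_verify:$Domain"
    nltest /sc_verify:$Domain
}

Test-TrustPath -Domain $TrustedDomain -ExtraHosts $PreferredDcs
```

Comparing the reachability column with the DC that `nltest /dsgetdc` reports shows whether the locator is handing back a controller the firewall blocks; DC locator orders candidates by the SRV priority and weight (and site coverage), not by reachability, so a controller that is unreachable through the firewall but advertised in DNS can still be selected.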