Domain Trust failing
Posted on 2010-09-17
I am having an issue with a trust relationship that I have created.
Overview of my network
2003 forest level
Root domain (A) and child domain (B) FSMO roles within datacentre (firewalled)
Domain controller for domain B (let's call it DC3) has been created at remote site (for Domain C) in DMZ
RPC ports have been tied down to allow traffic through the firewall
Firewalled from domain B with exception of the domain controller (noted as placed at remote site)
Firewall is open between PDC of Domain C and domain controller (DC3) on all ports as RPC port settings have not been applied in domain C.
DNS zone transfers successfully created between both domains
WINS replication taking place between domains.
DC3 is able to communicate on standard AD ports (with RPC restricted) to Domain C subnets.
An incoming Trust has been established for domain C to trust domain B but appears to have since broken.
From a DC in Domain C, the trust appears OK. I am told that the trust is valid and in place.
From Domain B, I am told that the trust cannot be validated as 'There are no logon servers available to service the logon request'. The strange thing is that it attempts to validate the secure channel with a domain controller in domain C that it is firewalled from rather than the PDC with which it is able to communicate.
Even stranger is that it seems to be OK one day and broken the next. Without anything changing, everything may work tomorrow!
When I open AD Users and Computers from the DC in Domain B at the remote site and try to connect to Domain C, I get an error:
The domain ** could not be found because: Access is denied
I have done some more investigations as it is back down again today. It was working OK yesterday and nothing has changed...
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Dom Guid: 37a357fe-e492-43a2-8a1e-c0abcfcbf94e
Dom Name: ceg.company.org
Forest Name: ceg.company.org
Dc Site Name: Koeln-HQ
Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
The command completed successfully
It would appear to be something wrong with name resolution, but everything looks OK.