Creating domain trust but error says it cannot find a logon server for the remote domain

stellaradmin1
I am trying to create or re-create a trust between two domains (single-domain forests really) - one is a 2008 R2 domain, the other is a 2003 domain. Whenever I go to validate the trusts I get errors that there was (is) no logon server or domain controller found for the other domain. I have both domains here on my same subnet technically. One DC for the remote domain lives here for users who travel here, and that's why I say I have both domains here. The other domain is on a hardware VPN in another country in reality.

So what can I do to make the locally located remote DC find any of my local domain DCs that are on the same subnet?
systech, Senior Technical Lead

Commented:
Check the DNS: whether the DNS entry for the remote DC is added in the list. Check the credentials, and check the domain/forest functional level.

Commented:
Ensure DNS is configured correctly on each interface of the domain controllers, and that each DC has DNS records for all DCs.

Commented:
How are your DNS servers set up?
Does each domain have its own AD integrated?
If they do, I would use conditional forwarders in each domain that point to one or more DNS servers in the other.

Commented:
Are you using the FQDN, e.g. domain.mydomain.com? Sometimes using the simplified domain name won't let you connect.
James, Senior Cloud Infrastructure Engineer

Commented:
When you create the trust relationship you also have to configure the site links to allow intersite replication. This is what makes the whole process of logging on etc.

Author

Commented:
Conditional forwarding won't work - first I get a note that the IP address or any of the DCs in the remote domain are not authoritative (which bothers me if none of them are), but if I continue it tells me the zone already exists, as I have already set up the remote domain as a secondary DNS zone inside my own DNS server...

I am using the entire domain - domain.com for example.

Each AD uses AD-integrated DNS zones, except for the secondary zones that were set up many moons ago for the other's domain.

My domain is 2008 R2 and the remote domain is 2003, so I can't see that the NT 4.0 cryptography is an issue.

Commented:
Just to make sure: when you set up the conditional forwarders, you are doing it this way:

http://msmvps.com/blogs/ad/archive/2008/09/05/how-to-configure-conditional-forwarders-in-windows-server-2008.aspx
James, Senior Cloud Infrastructure Engineer

Commented:
If this is a single-domain forest, e.g. domain.com, why would you need to set up a trust? Trusts only exist between different domains, e.g. my.domain.com - domain.com.

Author

Commented:
Unless I remove the secondary zone, it won't let me add a conditional forwarder for the domain. Is there a difference between conditional forwarders and a secondary zone? It should look up the same information.

Author

Commented:
I'm creating a trust between two forests that each have a single domain - so two single-domain forests. Basically a child company of ours prepared to be separated on its own.
Found the issue...my main PDC emulator DC was pointing to a gateway that did not have a route to get to the remote site for main traffic. After making that change, things were fine.
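
Added example, not part of the original thread: a PowerShell check that separates the two causes discussed above (DNS lookup of the remote domain's DCs versus the routing fault found on the PDC emulator). It assumes Windows Server 2012 R2 or later with the DnsClient, NetTCPIP and NetTCPIP-based Test-NetConnection cmdlets; `remote.example` and the port list are assumptions, so adjust them to your environment and run it on the DC that creates the trust.

```powershell
# Added example (not from the thread). 'remote.example' is a placeholder
# for the other forest's DNS domain name.
param([string]$RemoteDomain = 'remote.example')

# Assumed port list: Kerberos, RPC endpoint mapper, LDAP, SMB on the remote DC.
$ports = 88, 135, 389, 445

# Step 1: DNS. The DC locator finds a "logon server" through this SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
try {
    # The answer may carry extra A records, so keep only the SRV entries.
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "DNS: cannot resolve $srvName ($($_.Exception.Message))"
    return
}

foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    # Step 2: host record for each DC named in the SRV answer.
    $addr = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    if (-not $addr) { Write-Warning "DNS: no A record for $dc"; continue }

    # Step 3: routing. Find-NetRoute returns the source address and the route;
    # only the route object has NextHop, which is the gateway this host will use.
    $route = Find-NetRoute -RemoteIPAddress $addr |
        Where-Object { $_.NextHop } | Select-Object -First 1

    # Step 4: TCP reachability on each required port through that gateway.
    $closed = foreach ($p in $ports) {
        $ok = Test-NetConnection -ComputerName $addr -Port $p `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $ok) { $p }
    }

    [pscustomobject]@{
        DC          = $dc
        Address     = $addr
        NextHop     = $route.NextHop
        Unreachable = ($closed -join ',')
    }
}
```

A DC that resolves in steps 1 and 2 but lists every port under `Unreachable` points at the `NextHop` gateway rather than at DNS, which is the situation the author describes.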
