troubleshooting Question

External Domain Trust Relationship Problem - Cannot find DC?

Avatar of mhentrich
mhentrich asked on
Windows Server 2003Active DirectoryWindows Server 2008
6 Comments1 Solution1993 ViewsLast Modified:
Experts:

I just setup (for ease, I intend to restrict later) a two-way domain-wide trust relationship between our internal domain and a domain I just set up in our DMZ.  The DMZ DC is running Server 2008 R2, the internal DC is 2003.

I've set up all the DNS entries as best I can, I can ping the FQDN of either domain from any place in either domain.  BUT - here's the issue: when trying to grant permissions for a DMZ user in the internal domain or an internal user in the DMZ domain, I only seem to be able to do so on Windows 7 computers, but not on server operating systems (2000, 2003, 2008, or 2008 R2).

That is with the notable exception of the internal DC itself, which allows me to give DMZ users permissions to folders, etc., despite being 2003.

Any idea what is going on?  Why can't I give DMZ users rights to internal resources and vice versa when I have such an open trust?

Final note: When trying to do such an operating on a Win2k server box, I get the following message: "No authority could be contacted for authentication."  BUT, I can ping the DMZ domain's FQDN on it without issue.

Thanks,
Matt
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros