Solved

Trouble with cross forest trust

Posted on 2012-04-11
10
1,102 Views
Last Modified: 2012-04-16
I have a frustrating issue I was hoping to get some help on.

The company I started working for has a cross forest trust in place. Domain1 and Domain2. It is a two-way non-transitive trust. Both domains are at a 2003 functional level. Domain1 has 4 name servers, 2 are 2003 and 2 are 2008R2. Domain2 has 2 name servers and both are 2003.

Domain1 is configured with conditional forwarders to domain2, and domain2 has forwarders for domain1.

The problem that we are having is that users in domain2 cannot access shares in domain1. When I go to the properties for the share on domain1\server, go to the security tab, add and then try to do an advanced find on domain2 i get "The following error prevented the display of any items: The specified domain either does not exist or could not be contacted."
0
Comment
Question by:Chuck Cobern
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37834591
can you validate the trust first..

Using the Windows interface
1.Open Active Directory Domains and Trusts.
2.In the console tree, right-click the domain that contains the trust you want to verify, and then click Properties.
3.On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then click Properties.
4.Click Validate.
5.Do one of the following, and then click OK:
Click No, do not validate the incoming trust.
If you choose this option, it is recommended that you repeat this procedure for the reciprocal domain.
Click Yes, validate the incoming trust.
If you choose this option, you must type a user account and password with administrative credentials for the reciprocal domain.

http://technet.microsoft.com/en-us/library/cc737447(v=ws.10).aspx
0
 
LVL 43

Expert Comment

by:Amit
ID: 37834692
Are you able to ping any dc in each forest.
0
 

Author Comment

by:Chuck Cobern
ID: 37834726
From Domain2 (Server 2003 DC) I can validate the trust, but from Domain1 I receive the error, "Windows cannot find an Active Directory Domain Controller for the "Domain2" domain. Verify that an AD DC is available and then try again." when trying to validate from a 2008 DC, but the trust validates from a 2003 DC in the same domain.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 43

Accepted Solution

by:
Amit earned 500 total points
ID: 37834740
Looks like to me DNS issue more. I assume ID you are using have both Domain and Enterprise admin rights.
0
 

Author Comment

by:Chuck Cobern
ID: 37834777
I can ping all DC's in both domains. If I am going to ping a DC in the remote domain I have to ping using FQDN (server1.domain2.local).  Yes the credential I am using is both domain and enterprise admin groups.
0
 
LVL 43

Expert Comment

by:Amit
ID: 37834793
0
 

Author Comment

by:Chuck Cobern
ID: 37834872
I've verified the time is the same on all DC's. Still cannot validate the trust.
0
 
LVL 43

Expert Comment

by:Amit
ID: 37837376
My Guess is firewall might be blocking ports. Download port query tool

http://www.microsoft.com/download/en/details.aspx?id=24009

Run it from both sides and compare the port result. If ports are blocked open it.
0
 

Author Comment

by:Chuck Cobern
ID: 37837480
There is no firewall between the two domains. There is a point to point connection. Weird thing is, I can validate the trust from the 2003 DC's but not from the 2008 DC.
0
 

Author Comment

by:Chuck Cobern
ID: 37853131
Ended up being a weird DNS issue.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question