Trouble with cross forest trust

I have a frustrating issue I was hoping to get some help on.

The company I started working for has a cross forest trust in place. Domain1 and Domain2. It is a two-way non-transitive trust. Both domains are at a 2003 functional level. Domain1 has 4 name servers, 2 are 2003 and 2 are 2008R2. Domain2 has 2 name servers and both are 2003.

Domain1 is configured with conditional forwarders to domain2, and domain2 has forwarders for domain1.

The problem that we are having is that users in domain2 cannot access shares in domain1. When I go to the properties for the share on domain1\server, go to the security tab, add and then try to do an advanced find on domain2 i get "The following error prevented the display of any items: The specified domain either does not exist or could not be contacted."
Chuck CobernAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
can you validate the trust first..

Using the Windows interface
1.Open Active Directory Domains and Trusts.
2.In the console tree, right-click the domain that contains the trust you want to verify, and then click Properties.
3.On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then click Properties.
4.Click Validate.
5.Do one of the following, and then click OK:
Click No, do not validate the incoming trust.
If you choose this option, it is recommended that you repeat this procedure for the reciprocal domain.
Click Yes, validate the incoming trust.
If you choose this option, you must type a user account and password with administrative credentials for the reciprocal domain.

http://technet.microsoft.com/en-us/library/cc737447(v=ws.10).aspx
AmitIT ArchitectCommented:
Are you able to ping any dc in each forest.
Chuck CobernAuthor Commented:
From Domain2 (Server 2003 DC) I can validate the trust, but from Domain1 I receive the error, "Windows cannot find an Active Directory Domain Controller for the "Domain2" domain. Verify that an AD DC is available and then try again." when trying to validate from a 2008 DC, but the trust validates from a 2003 DC in the same domain.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

AmitIT ArchitectCommented:
Looks like to me DNS issue more. I assume ID you are using have both Domain and Enterprise admin rights.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chuck CobernAuthor Commented:
I can ping all DC's in both domains. If I am going to ping a DC in the remote domain I have to ping using FQDN (server1.domain2.local).  Yes the credential I am using is both domain and enterprise admin groups.
Chuck CobernAuthor Commented:
I've verified the time is the same on all DC's. Still cannot validate the trust.
AmitIT ArchitectCommented:
My Guess is firewall might be blocking ports. Download port query tool

http://www.microsoft.com/download/en/details.aspx?id=24009

Run it from both sides and compare the port result. If ports are blocked open it.
Chuck CobernAuthor Commented:
There is no firewall between the two domains. There is a point to point connection. Weird thing is, I can validate the trust from the 2003 DC's but not from the 2008 DC.
Chuck CobernAuthor Commented:
Ended up being a weird DNS issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.