Improve company productivity with a Business Account.Sign Up

x
?
Solved

Trouble with cross forest trust

Posted on 2012-04-11
10
Medium Priority
?
1,138 Views
Last Modified: 2012-04-16
I have a frustrating issue I was hoping to get some help on.

The company I started working for has a cross forest trust in place. Domain1 and Domain2. It is a two-way non-transitive trust. Both domains are at a 2003 functional level. Domain1 has 4 name servers, 2 are 2003 and 2 are 2008R2. Domain2 has 2 name servers and both are 2003.

Domain1 is configured with conditional forwarders to domain2, and domain2 has forwarders for domain1.

The problem that we are having is that users in domain2 cannot access shares in domain1. When I go to the properties for the share on domain1\server, go to the security tab, add and then try to do an advanced find on domain2 i get "The following error prevented the display of any items: The specified domain either does not exist or could not be contacted."
0
Comment
Question by:Chuck Cobern
  • 5
  • 4
10 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37834591
can you validate the trust first..

Using the Windows interface
1.Open Active Directory Domains and Trusts.
2.In the console tree, right-click the domain that contains the trust you want to verify, and then click Properties.
3.On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then click Properties.
4.Click Validate.
5.Do one of the following, and then click OK:
Click No, do not validate the incoming trust.
If you choose this option, it is recommended that you repeat this procedure for the reciprocal domain.
Click Yes, validate the incoming trust.
If you choose this option, you must type a user account and password with administrative credentials for the reciprocal domain.

http://technet.microsoft.com/en-us/library/cc737447(v=ws.10).aspx
0
 
LVL 45

Expert Comment

by:Amit
ID: 37834692
Are you able to ping any dc in each forest.
0
 

Author Comment

by:Chuck Cobern
ID: 37834726
From Domain2 (Server 2003 DC) I can validate the trust, but from Domain1 I receive the error, "Windows cannot find an Active Directory Domain Controller for the "Domain2" domain. Verify that an AD DC is available and then try again." when trying to validate from a 2008 DC, but the trust validates from a 2003 DC in the same domain.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 45

Accepted Solution

by:
Amit earned 1500 total points
ID: 37834740
Looks like to me DNS issue more. I assume ID you are using have both Domain and Enterprise admin rights.
0
 

Author Comment

by:Chuck Cobern
ID: 37834777
I can ping all DC's in both domains. If I am going to ping a DC in the remote domain I have to ping using FQDN (server1.domain2.local).  Yes the credential I am using is both domain and enterprise admin groups.
0
 
LVL 45

Expert Comment

by:Amit
ID: 37834793
0
 

Author Comment

by:Chuck Cobern
ID: 37834872
I've verified the time is the same on all DC's. Still cannot validate the trust.
0
 
LVL 45

Expert Comment

by:Amit
ID: 37837376
My Guess is firewall might be blocking ports. Download port query tool

http://www.microsoft.com/download/en/details.aspx?id=24009

Run it from both sides and compare the port result. If ports are blocked open it.
0
 

Author Comment

by:Chuck Cobern
ID: 37837480
There is no firewall between the two domains. There is a point to point connection. Weird thing is, I can validate the trust from the 2003 DC's but not from the 2008 DC.
0
 

Author Comment

by:Chuck Cobern
ID: 37853131
Ended up being a weird DNS issue.
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A procedure for exporting installed hotfix details of remote computers using powershell
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question