  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 861

Windows 2003 Trust relationship issue

CannotContinue  
Every time I attempt to create a trust relationship between two of our local domains I receive the following error message (screen dump attached).
 
I can successfully run nslookup and ping to the other domain controller from either domain controller server on the network.
 
I have no idea why I am having this issue.
 
Can someone please assist me?
0
the_omnific
Asked:
3 Solutions
 
Mike Kline Commented:
So are you using conditional forwarders, stub zones, or secondary zones for name resolution? Seems like you have that set up OK but want to verify.

Any firewalls between the domains?

Thanks

Mike
0
 
the_omnific Author Commented:
The DNS has been configured with a secondary zone. I can ping and nslookup workstations / domain controller on the other domain perfectly fine.
 
The only thing we have in place is Symantec Endpoint. I have disabled it but I still receive the issue.
 
I feel like I'm missing something. I have not configured this before but it seemed pretty straightforward...
0
 
Mike Kline Commented:
OK, so secondary zones on both sides and you have no issues importing the zone.

Run

nltest /dsgetdc:targetforestordomain.suffix

You can verify SRV records in the target domain. Some examples of SRV records:

http://technet.microsoft.com/en-us/library/cc961719.aspx

so

nslookup
set type=srv
_ldap._tcp.pdc._msdcs.DnsDomainName

Just to verify the ports: http://support.microsoft.com/kb/179442#method2 or http://pberblog.com/post/2009/11/07/Creating-a-2003-AD-domain-trust-through-a-firewall.aspx

Thanks

Mike
0
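
The three checks from the comment above (SRV lookup, DC locator, ports) combined into one script, as an added example that is not part of the thread and not Mike Kline's code. The port list is a subset of the fixed TCP ports Active Directory uses and is an assumption drawn from general knowledge, not from this page; the function name `Test-TcpPort` and the default `$TargetDomain` value are placeholders.

```powershell
# Added example (not from the thread). Run it on a DC in one domain against the other.
# $TargetDomain is a placeholder: pass the other domain's DNS name.
param([string]$TargetDomain = 'targetforestordomain.suffix')

# Subset of the fixed TCP ports used between domain controllers (assumed list).
# The dynamic RPC range is not probed; see the KB article linked above for the rest.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper';
            389 = 'LDAP'; 445 = 'SMB' }

# Hypothetical helper: TCP connect with a timeout, using only .NET 2.0 calls
# so it also works with PowerShell 2.0 on older servers.
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Resolve the PDC emulator SRV record (same query as the nslookup step).
$srvName = "_ldap._tcp.pdc._msdcs.$TargetDomain"
$lookup  = nslookup -type=srv $srvName 2>&1 | Out-String
# Windows nslookup labels the target host "svr hostname".
if ($lookup -match 'svr hostname\s*=\s*(\S+)') {
    $dc = $Matches[1]
    "PDC emulator for ${TargetDomain}: $dc"
} else {
    "No SRV record returned for $srvName; fix name resolution before retrying the trust wizard."
    return
}

# 2. Ask the DC locator for a domain controller (same as the nltest step).
nltest "/dsgetdc:$TargetDomain"

# 3. Probe each port on the DC named by the SRV record.
foreach ($port in ($Ports.Keys | Sort-Object)) {
    $state = if (Test-TcpPort $dc $port) { 'open' } else { 'BLOCKED or closed' }
    '{0,-5} {1,-20} {2}' -f $port, $Ports[$port], $state
}
```

Run it from a DC in each domain against the other, since a trust needs these services reachable in both directions and ping or nslookup succeeding does not show that.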
 
the_omnific Author Commented:
Ok, just a quick update;
 
I removed all trust relationships and started again. This time I created it on our dev domain controller. Outgoing > External Trust (Outgoing: Users in the specified domain can authenticate in the local domain, but users in the local domain cannot authenticate in the specified domain)
 
Since doing that, the (Incoming) trust relationship in our production domain was automatically created.
 
---------------------

BASICALLY, what I'm trying to achieve is to add a user located in production to a security group in dev.
 
How do I do this?
0
 
lruiz52 Commented:
"BASICALLY, what I'm trying to achieve is to add a user located in production to a security group in dev. How do I do this?"

Make sure that the Security Group in DEV is a Domain Local Group.
0
