Windows 2003 Trust relationship issue

Every time I attempt to create a trust relationship between two of our local domains I receive the following error message (screen dump attached).
 
I can successfully run nslookup and ping to the other domain controller from either of the domain controller servers on the network.
 
I have no idea why I am having this issue.
 
Can someone please assist me?
the_omnific Asked:
 
lruiz52 Commented:
"BASICALLY, what I'm trying to achieve is to add a user located in production to a security group in dev."
 
How do I do this?

Make sure that the Security Group in DEV is a Domain Local Group.
 
Mike Kline Commented:
So are you using conditional forwarders, stub zones, or secondary zones for name resolution? Seems like you have that set up OK, but I want to verify.

Any firewalls between the domains?

Thanks

Mike
 
the_omnific (Author) Commented:
The DNS has been configured with a secondary zone. I can ping and nslookup workstations / domain controller on the other domain perfectly fine.
 
The only thing we have in place is Symantec Endpoint. I have disabled it but I still receive the issue.
 
I feel like I'm missing something. I have not configured this before but it seemed pretty straightforward...
 
Mike Kline Commented:
OK, so secondary zones on both sides and you have no issues importing the zone.

Run

nltest /dsgetdc:targetforestordomain.suffix

You can verify SRV records in the target domain. Some examples of SRV records:

http://technet.microsoft.com/en-us/library/cc961719.aspx

So:

nslookup
set type=srv
_ldap._tcp.pdc._msdcs.DnsDomainName

Just to verify the ports: http://support.microsoft.com/kb/179442#method2 or http://pberblog.com/post/2009/11/07/Creating-a-2003-AD-domain-trust-through-a-firewall.aspx

Thanks

Mike
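Added example, not part of the original thread or any poster's own script: a batch file that runs the DC locator and SRV lookups described in the comment above non-interactively, meant to be run on each domain controller against the other domain. The script name, the extra `_ldap._tcp.dc._msdcs` and `_kerberos._tcp.dc._msdcs` lookups, and the reliance on English-language tool output are assumptions; port checks are not covered.

```batch
@echo off
rem Added example: name-resolution pre-flight before creating a trust.
rem Usage: trustcheck.cmd other.domain.suffix   (script name is hypothetical)
rem Assumes nltest (Support Tools) is installed and tool output is in English.
setlocal
set "TARGET=%~1"
if "%TARGET%"=="" (
  echo Usage: %~nx0 other.domain.suffix
  exit /b 2
)
set FAIL=0
set "OUT=%TEMP%\trustcheck_nltest.txt"

echo == DC locator: PDC emulator for %TARGET% ==
nltest /dsgetdc:%TARGET% /pdc > "%OUT%" 2>&1
type "%OUT%"
rem Match nltest's success line instead of trusting its exit code.
findstr /i /c:"completed successfully" "%OUT%" >nul
if errorlevel 1 (
  echo [FAIL] DC locator did not return a PDC for %TARGET%
  set FAIL=1
)
del "%OUT%" 2>nul

echo == SRV records registered by the target domain's DCs ==
rem nslookup's exit code is not a reliable failure signal, so match the
rem "svr hostname" line that only appears when an SRV answer came back.
for %%R in (_ldap._tcp.pdc._msdcs _ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs) do (
  nslookup -type=srv %%R.%TARGET% 2>nul | findstr /i /c:"svr hostname" >nul
  if errorlevel 1 (
    echo [FAIL] no SRV answer for %%R.%TARGET%
    set FAIL=1
  ) else (
    echo [ OK ] %%R.%TARGET%
  )
)

if "%FAIL%"=="0" (echo Name resolution looks good for %TARGET%) else (echo One or more checks failed)
exit /b %FAIL%
```

A `[FAIL]` on the SRV lines while ping and plain nslookup of host names succeed points at the `_msdcs` records missing from the secondary zone rather than at basic connectivity.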
 
the_omnific (Author) Commented:
Ok, just a quick update;
 
I removed all trust relationships and started again. This time I created it on our dev domain controller. Outgoing > External Trust (Outgoing: Users in the specified domain can authenticate in the local domain, but users in the local domain cannot authenticate in the specified domain)
 
Since doing that, the (Incoming) trust relationship in our production domain was automatically created.
 
---------------------

BASICALLY, what I'm trying to achieve is to add a user located in production to a security group in dev.
 
How do I do this?
Question has a verified solution.