Solved

Unable to establish trust on 2K8 R2 functional domains due to DNS namespace overlapping at COOP

Posted on 2014-03-10
2
265 Views
Last Modified: 2014-03-10
I built a COOP site domain to work as a warm site.  Because this is a secure network I was forced to complete the site/domain configurations before I was able to connect the two sites.  My first site domain is work.site.com, and I wanted my backup site to be created as a new site, so I selected coop.work.site.com.  When I connected the sites I found that I created a DNS scenario where lookups from work.site.com are not forwarding to coop.work.site.com because it believes it is authoritative.  Lookups from coop.work.site.com do successfully find servers on work.site.com.  Now I am stuck with the domain migration becuase I cannot even establish a two way trust due to DNS failures.  

I will have a very hard time changing the structure of the domain namespace at the COOP due to the fact that certificates have been issued and our security posture has been approved, so major changes will be scrutinized.  I do have full control of the domain migration process and the DNS, AD, Trusts, and Sites.  

Have I engineered myself into a corner?  How do I configure the routing to begin my migration?
0
Comment
Question by:astrofizix
2 Comments
 
LVL 25

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 39917885
It sounds like you need to create a delegation for the coop.work.site.com domain on the DNS servers for the work.site.com domain. Creating a delegation in 2008 R2 is quite simple: right-click in the work.site.com zone, select New Delegation, and follow the prompts in the wizard. More information is here if you need it.
0
 

Author Comment

by:astrofizix
ID: 39918513
Thank you DrDave, while I have not solved this issue yet, I have convinced myself that this is a DNS issue which can be resolved by configuring the namespaces on both DNS servers until they can fully see each other.  I created the Delegation, but it did not resolve my problems immediately, I think I have a few more configuration changes to make.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now