Solved

Setup Domain Trust for internal networks fail - Unable to contact domain error

Posted on 2014-03-13
Last Modified: 2014-03-19
I have a primary domain, we will call it MM, and a virtual domain, called MP. The MM domain is all physical and has been running with no issues. The MP domain is new, and is an attempt to split MM into 2, which is MP. I have a server running ESXi and I have 2 domain controllers running Server 2008 R2; the MM domain is running Windows Server 2003. I installed DNS, DHCP, and AD, and they are running. MP is running on a separate subnet, .2.1, and MM is running on .1.1. I can ping the MM domain, and MM can ping the MP domain with no problems. DNS entries were made on both sides (set up as Primary, which I think is where the problem is) so the NetBIOS names can be interpreted and pinged.

However, when I do the seemingly easy task of setting up the domain trusts using AD, I enter my MP domain into the fields, set it for Trust with a Windows domain, click Next and it fails. The message states that the MP domain cannot be contacted... But I can ping the domain, so where is the disconnect?
Question by: Luis_Romero

2 Comments

Accepted Solution by: Mahesh (earned 500 total points)
ID: 39928512
Are these two domains in different forests?

Also, you need to set up either a conditional forwarder or a secondary zone of both domains on each other so that they can identify each other, and then you can establish the trust.

Check the posts below to establish a conditional forwarder in a 2003 domain:
http://www.itgeared.com/articles/1035-configuring-dns-conditional-forwarding/
http://www.computerperformance.co.uk/w2k3/services/DNS_conditional_forward.htm

If you wish to use the zone transfer method, then first you need to enable zone transfer on the domain.com zone in both domains and allow zone transfer to the opposite domain's DNS server:
http://technet.microsoft.com/en-us/library/cc782181(v=ws.10).aspx

Then you need to set up a secondary zone of each domain on the other side:
http://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx

Once you have done that, check with an nslookup query on the DNS servers on both sides:

1. On your DNS, click Start, and then click Run.
2. In the Open box, type cmd.
3. Type nslookup, and then press ENTER.
4. Type set type=all, and then press ENTER.
5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your own domain, first; if it resolves successfully, then enter the opposite domain and check whether it resolves.

http://support.microsoft.com/kb/816587

If the above nslookup queries are successful, then you can build the trust.

Mahesh
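
The nslookup check in step 5 above is the part worth automating: ping proves the host A record or NetBIOS name resolves, but the trust wizard locates a domain controller through the _ldap._tcp.dc._msdcs.<domain> SRV record, and that is what the conditional forwarder, secondary zone or stub zone has to make resolvable from the other side. The following script is an added example, not code from the thread or from Microsoft; it builds the SRV query and parses the reply using only the Python standard library, so it can be pointed at each side's DNS server in turn. The names mp.local and dc1.mp.local used in the comments are assumed placeholders for the asker's MP domain.

```python
import secrets, socket, struct

def build_srv_query(name, txid):
    wire = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # id, RD set, 1 question
    for label in name.rstrip(".").split("."):  # QNAME as length-prefixed labels
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00" + struct.pack(">HH", 33, 1)  # QTYPE 33 = SRV, QCLASS 1 = IN

def read_name(pkt, off):
    # Decode a possibly compressed name (RFC 1035 4.1.4); return (name, end offset).
    labels, end = [], None
    for _ in range(256):  # bounded so a looping pointer chain in a reply cannot hang us
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier copy of the name
            end = off + 2 if end is None else end
            off = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels), end if end is not None else off
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    raise ValueError("malformed name in reply")

def parse_srv_answers(pkt):
    # Return (rcode, [(priority, weight, port, target), ...]) from a reply packet.
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    _, off = read_name(pkt, 12)  # skip the echoed question: QNAME, QTYPE, QCLASS
    off, records = off + 4, []
    for _ in range(ancount):
        _, off = read_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 33:
            prio, weight, port = struct.unpack(">HHH", pkt[off:off + 6])
            records.append((prio, weight, port, read_name(pkt, off + 6)[0]))
        off += rdlen
    return flags & 0x0F, records  # rcode 0 = NOERROR, 3 = NXDOMAIN (record missing)

def check_dc_locator(domain, dns_server, timeout=3.0):
    # Ask dns_server (e.g. the MM-side DNS) for the DC locator record of domain (e.g. mp.local).
    txid = secrets.randbelow(65536)  # unpredictable id, matched against the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query("_ldap._tcp.dc._msdcs." + domain, txid), (dns_server, 53))
        reply = s.recv(512)
    if struct.unpack(">H", reply[:2])[0] != txid:
        raise ValueError("reply id does not match the query")
    rcode, records = parse_srv_answers(reply)
    return rcode, sorted(r[3] for r in records)  # DC hostnames the trust wizard would use
```

Run check_dc_locator against the DNS server on each side for the opposite domain: an rcode of 3 with an empty list is exactly the "domain cannot be contacted" situation, even while ping succeeds, and a non-empty list of DC names is what the forwarder or zone has to produce before the trust wizard will work.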

Expert Comment by: DrDave242
ID: 39929558
> Also, you need to set up either a conditional forwarder or a secondary zone of both domains on each other so that they can identify each other, and then you can establish the trust.
You can also use stub zones to accomplish this. They're easier to set up than secondaries, since you don't have to configure zone transfers.