Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.
Course Of The Month
5 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Setup Domain Trust for internal networks fail - Unable to contact domain error
Posted on 2014-03-13
I have a primary domain, we will call it MM and a virtual domain, called MP. The MM domain is all physical and has been running with no issues. the MP domain is new, and is an attempt to split MM into 2, which is MP. I have a server running ESXi and I have 2 domain controllers running Server 2008 R2, MM domain is running Windows Server 2003. I installed the DNS, DHCP, and AD running. MP is running on a separate subnet, .2.1 and MM is running on .1.1. I can ping the MM domain, and MM can ping the MP domain with no problems. DNS entries were made on both sides (setup as Primary, which I think where the problem is) so the netbios names can be interpreted and pinged.
However, when I do the seemingly easy task of setting up the domain trusts using AD, I enter my MP domain into the fields, set it for Trust with a Windows domain, click next and it fails. The message states that the MP domain cannot be contact... But I can ping the domain, so where is the disconnect?
However, when I do the seemingly easy task of setting up the domain trusts using AD, I enter my MP domain into the fields, set it for Trust with a Windows domain, click next and it fails. The message states that the MP domain cannot be contact... But I can ping the domain, so where is the disconnect?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2 Comments
Active 1 day ago
Are these two domains are different forests ?
Also you need to setup either conditional forwarder or secondary zone of both domains to each other so that they can identify each other and then you can establish trust
Check below post to establish conditional forwarder in 2003 Domain
http://www.itgeared.com/articles/1035-configuring-dns-conditional-forwarding/
http://www.computerperformance.co.uk/w2k3/services/DNS_conditional_forward.htm
If you wish to use zone transfer method, then 1st you need to enable zone transfer on domain.com zone in both domains and allow zone transfer for opposite domain dns server
http://technet.microsoft.com/en-us/library/cc782181(v=ws.10).aspx
Then you need to setup secondary zone of both domains vice versa
http://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx
Once you done that check with nslookup query at both side dns servers
1.On your DNS, click Start, and then click Run.
2.In the Open box, type cmd.
3.Type nslookup, and then press ENTER.
4.Type set type=all, and then press ENTER.
5.Type _ldap._tcp.dc._msdcs.Domai
http://support.microsoft.com/kb/816587
If above Nslookup queries are successful, then you can build trust
Mahesh
Also you need to setup either conditional forwarder or secondary zone of both domains to each other so that they can identify each other and then you can establish trust
Check below post to establish conditional forwarder in 2003 Domain
http://www.itgeared.com/articles/1035-configuring-dns-conditional-forwarding/
http://www.computerperformance.co.uk/w2k3/services/DNS_conditional_forward.htm
If you wish to use zone transfer method, then 1st you need to enable zone transfer on domain.com zone in both domains and allow zone transfer for opposite domain dns server
http://technet.microsoft.com/en-us/library/cc782181(v=ws.10).aspx
Then you need to setup secondary zone of both domains vice versa
http://technet.microsoft.com/en-us/library/cc816885(v=ws.10).aspx
Once you done that check with nslookup query at both side dns servers
1.On your DNS, click Start, and then click Run.
2.In the Open box, type cmd.
3.Type nslookup, and then press ENTER.
4.Type set type=all, and then press ENTER.
5.Type _ldap._tcp.dc._msdcs.Domai
http://support.microsoft.com/kb/816587
If above Nslookup queries are successful, then you can build trust
Mahesh
Active 1 day ago
Also you need to setup either conditional forwarder or secondary zone of both domains to each other so that they can identify each other and then you can establish trustYou can also use stub zones to accomplish this. They're easier to set up than secondaries, since you don't have to configure zone transfers.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month5 days, 20 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
705 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.