Creating a one-way trust on a DMZ server
Posted on 2014-09-08
I have set up a DMZ server, made it a DC, and transferred all of the roles from the 2003 DC to the 2012 R2 DC. All of the users and groups replicated without issue. I DCPROMO'd down the old 2003 DC. I opened the firewall completely and then created a one-way transitive forest trust from the internal domain controller. I am having issues validating the one-way trust that I have established. Both the internal and DMZ domains are at the 2012 R2 domain functional level and forest functional level. When I try to validate the trust from the inside, it says that it is valid. However, when I perform this check from the DMZ DC I get the following error message: "The local security authority is unable to obtain an RPC connection to the active directory domain controller DNS2.xxx.us. Please check that the name can be resolved and that the server is available."
I have downloaded PortQry 2.0 and checked all of the ports I know to check. The following ports are listening: 123, 135, 464, 49152, 389, 636, 3268, 3269, 53, 88.
445 is filtered.
I have checked the services for RPC to make sure they are running, and the following are running on both the internal and external DCs: Remote Procedure Call, Remote Procedure Call Locator, RPC Endpoint Mapper.
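The checks below are an added diagnostic script, not part of the original post. It is meant to be run on the DC that reports the error (here the DMZ DC), against the DC named in the message, and it covers what the "unable to obtain an RPC connection" text asks for: name resolution of the target DC and of the _msdcs SRV records a DC locator needs, TCP reachability of every port a trust verification uses (the ones the post already lists, plus TCP 445, which carries RPC over SMB named pipes such as \PIPE\lsarpc and \PIPE\NETLOGON, and the dynamic RPC range 49152-65535 on 2008 and later), the actual dynamic ports the endpoint mapper hands out, and the Netlogon secure-channel verification that the GUI check performs. The DC name is taken from the error message; the internal forest name is a placeholder and must be replaced. PortQry is assumed to be on PATH. The per-port results double as the allow-list to which the fully opened DMZ-to-internal firewall rule can be narrowed once the trust validates.

```powershell
# Added diagnostic script (not from the original post). Run on the DC that
# reports the LSA RPC error, i.e. the DMZ DC in this thread.
# ASSUMPTIONS: $TrustedDomain is a placeholder for the internal forest's DNS
# name; $TrustedDc is the DC named in the error message. PortQry is on PATH.

$TrustedDc     = 'DNS2.xxx.us'        # internal DC from the error message
$TrustedDomain = 'internal.example'   # placeholder: internal forest DNS name

# 1. Name resolution from this DC: the target DC's A record plus the SRV
#    records Netlogon/Kerberos use to locate a DC for the trusted domain.
#    -DnsOnly skips the local hosts file and NetBIOS so the result reflects
#    what the DMZ DC's configured DNS server actually answers.
$names = @(
    $TrustedDc,
    "_ldap._tcp.dc._msdcs.$TrustedDomain",
    "_kerberos._tcp.dc._msdcs.$TrustedDomain"
)
foreach ($n in $names) {
    try {
        $r = Resolve-DnsName -Name $n -DnsOnly -ErrorAction Stop
        '{0,-45} OK   -> {1}' -f $n, (($r | Select-Object -ExpandProperty Name -Unique) -join ', ')
    } catch {
        '{0,-45} FAIL {1}' -f $n, $_.Exception.Message
    }
}

# 2. TCP reachability of every port a trust verification from this side needs.
#    135 plus the dynamic range carry RPC over TCP; 445 carries RPC over SMB
#    named pipes (lsarpc, netlogon), which LSA uses when validating a trust.
$ports = [ordered]@{
    53    = 'DNS'
    88    = 'Kerberos'
    135   = 'RPC endpoint mapper'
    389   = 'LDAP'
    445   = 'SMB / RPC named pipes (lsarpc, netlogon)'
    464   = 'Kerberos password change'
    636   = 'LDAPS'
    3268  = 'Global Catalog'
    3269  = 'Global Catalog over SSL'
    49152 = 'start of dynamic RPC range (49152-65535)'
}
$results = foreach ($p in $ports.Keys) {
    $t = Test-NetConnection -ComputerName $TrustedDc -Port $p -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port    = $p
        Service = $ports[$p]
        Open    = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# 3. Ask the remote endpoint mapper which dynamic ports lsarpc/netlogon are
#    registered on, so the firewall can be checked against real port numbers
#    rather than a single probe of 49152.
& portqry.exe -n $TrustedDc -e 135 -p tcp | Select-String -Pattern 'ncacn_ip_tcp', 'lsarpc', 'netlogon'

# 4. Secure-channel and DC-locator verification toward the trusted domain,
#    the same path the "Validate" button in AD Domains and Trusts exercises.
& nltest.exe /sc_verify:$TrustedDomain
& nltest.exe /dsgetdc:$TrustedDomain /force

# 5. Local services the check depends on (the post lists the first three).
Get-Service RpcSs, RpcEptMapper, RpcLocator, Netlogon, LanmanWorkstation |
    Format-Table Name, DisplayName, Status -AutoSize
```

Read the port table first: a FAIL on 445 next to an OK on 135 matches the error in the post, because the endpoint mapper answers but the named-pipe transport LSA tries is blocked. If step 3 shows lsarpc/netlogon registered on a dynamic port that step 2 cannot reach, the firewall is passing the endpoint mapper but not the range it hands out. Run the same script in the opposite direction (on the internal DC, targeting the DMZ DC) for a two-way trust; for a one-way trust only the trusting side's DCs need to reach the trusted side's DCs, so scope the firewall rule to that direction.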