Solved

Creating a one way trust on a DMZ server

Posted on 2014-09-08
1
580 Views
Last Modified: 2014-12-09
I have setup a dmz server and made it a DC and transferred all of the roles from the 2003 DC to the 2012R2 DC.  All of the users and groups replicated without issue.  I DCpromo down the old 2003 DC.  I opened the firewall completely and then created a one way transitive forest trust from the Internal Domain controller.  I am having issues with validating the one way trust that I have established.    Both the internal and DMZ domains are on the domain functional level and the forest functional level of 2012R2.  When I try to validate the trust from the inside it says that it is valid.  However when I perform this check from the DMZ DC I get the following error message:  The local security authority is unable to obtain an RPC connection to the active directory domain controller DNS2.xxx.us  Please check that the name can be resolved and that the server is available.

I have downloaded portqry 2.0 and checked all of the ports I know to check.  The following ports are listening: 123. 135. 464, 49152, 389. 636. 3268, 3269, 53, 88
445 is filtered.  

I have checked the services for RPC to make sure they are running and the following are on both internal and external: Remote Procedure Call, Remote Procedure Call Locator, RPC endpoint mapper,

Any ideas?
0
Comment
Question by:red_75116
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 13

Accepted Solution

by:
George Sas earned 500 total points
ID: 40329885
Why would you need a trust relationship between two DC's in the same domain ?

Better use RODC on the perimeter network :
Designing RODCs in the Perimeter Network  - http://technet.microsoft.com/en-us/library/dd728028%28WS.10%29.aspx
Deploying RODCs in the Perimeter Network - http://technet.microsoft.com/en-us/library/dd728035%28WS.10%29.aspx

On the design article you can also find the ports needed in the firewall.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question