Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cannot ping mydomain.local from my other trusted side.

Posted on 2015-02-06
5
53 Views
Last Modified: 2015-02-09
I already cannot remember if it is caused by removal of WINS. Suddenly our two-way trust domains between two trees becomes broken. Well, as I can see from side A to side B seems still fine but from side B to side A is broken. As I can see, I from side B cannot ping side A's DomainA.local while I from side A can ping side B's DomainB.local. Question is, why from side B I cannot ping side A's DomainA.local? Is it a DNS issue ? or WINS issue? or others? Please help.
0
Comment
Question by:Castlewood
  • 3
  • 2
5 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40595203
Are you able to ping via IP to machines in the other domain You probably do not have the proper DNS Forwarders in place on your domain controllers pointing to the other domain. You need DNS servers from the other domain to be able to provide name resolution so what you need to do it add a Conditional forwarder in DNS for domain A to Domain B. In Domain B you will need Conditional forwarders to domain A.

When you query a machine from a forest that is not in your forest root domain it needs to query the other DNS servers in the other forest to get a reply back.

Another thing you can do is create a secondary zone for Domain A in Domain. You can then do the same for Domain B in Domain A. If you go this route you will need to add "Zone Transfers" for the other forest on each of the Zones you want to present as read only.

If you have all of this in place and it still doesn't work might be a firewall related issue.

Will.
0
 

Author Comment

by:Castlewood
ID: 40595887
In side A's DNS servers I am able to add side B's DNS servers as the Secondary Zone. However I am NOT able to do that in side B's DNS severs since I even cannot see any side A's DNS servers listed in the Browse list. I guess one of the two ways of Trust is broken. The problem is, shall I fix the DNS before rebuilding the Trust or the opposite? How?
In side B I can ping side A's servers/hosts without a problem but just not the side A's domain name which is called domainA.local, which signals the Trust becomes broken.
As far as why I cannot ping domainA.local from side B? (As mentioned I can ping domainB.local from side A.) That I really need help as it won't get resolved at all.  Do I need to manually add any records in DNS or WINS in order to make this ping working? Please help.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40596766
On the DNS servers in DomainA did you add the DNS servers of DomainB to the Zone Transfers Tab? You cannot add Secondary Zones if you do not have Zone Transfers enable for the DNS server in the other domain.

Also why are you only using a 1 way trust and not 2 way? Are you trying to access resources in both domains?

Will.
0
 

Author Comment

by:Castlewood
ID: 40597117
Transfer in the tab has been enabled.
The Trust is a two-way. But one of them is broken. That is what I'm trying to figure out -- how to repair it?
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40598495
Take a look below at the link in regards to Forest Trusts.
https://technet.microsoft.com/en-us/library/cc780479%28v=ws.10%29.aspx

Will.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question