Solved

Cannot ping mydomain.local from my other trusted side.

Posted on 2015-02-06
Last Modified: 2015-02-09
I can no longer remember whether it was caused by the removal of WINS. Suddenly the two-way trust between our domains in two trees became broken. As far as I can see, from side A to side B still seems fine, but from side B to side A is broken. From side B I cannot ping side A's DomainA.local, while from side A I can ping side B's DomainB.local. The question is: why can't I ping side A's DomainA.local from side B? Is it a DNS issue, a WINS issue, or something else? Please help.
0
Question by:Castlewood
5 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40595203
Are you able to ping via IP to machines in the other domain? You probably do not have the proper DNS Forwarders in place on your domain controllers pointing to the other domain. You need DNS servers from the other domain to be able to provide name resolution, so what you need to do is add a Conditional Forwarder in DNS for Domain A to Domain B. In Domain B you will need Conditional Forwarders to Domain A.

When you query a machine from a forest that is not in your forest root domain it needs to query the other DNS servers in the other forest to get a reply back.

Another thing you can do is create a secondary zone for Domain A in Domain. You can then do the same for Domain B in Domain A. If you go this route you will need to add "Zone Transfers" for the other forest on each of the Zones you want to present as read only.

If you have all of this in place and it still doesn't work, it might be a firewall-related issue.

Will.
0
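The checks suggested in the answer above, as an added PowerShell example (not part of the original thread): it compares what side B's own DNS returns for domainA.local with what side A's DNS returns directly, then either tests the firewall path, adds the conditional forwarder, or verifies the trust. Assumptions: the DnsServer module (Windows Server 2012 or later), AD-integrated DNS on side B, and placeholder addresses for side A's DNS servers.

```powershell
# Added example; run elevated on a side B DNS server / domain controller.
$RemoteDomain = 'domainA.local'                 # name from the question
$RemoteDns    = @('192.0.2.10', '192.0.2.11')   # placeholders: side A's DNS server IPs
$DcLocator    = "_ldap._tcp.dc._msdcs.$RemoteDomain"   # SRV record used to locate side A's DCs

function Test-Lookup {
    # True only if the query returns records in the Answer section.
    param([string]$Name, [string]$Type, [string[]]$Server)
    $query = @{ Name = $Name; Type = $Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $query.Server = $Server }
    [bool](Resolve-DnsName @query | Where-Object Section -eq 'Answer')
}

$viaLocal  = Test-Lookup -Name $DcLocator -Type SRV
$viaRemote = Test-Lookup -Name $DcLocator -Type SRV -Server $RemoteDns[0]
"Local resolver: $viaLocal   Direct to side A DNS: $viaRemote"

if (-not $viaRemote) {
    # Side A's DNS is unreachable or not answering: check the firewall path first.
    # Test-NetConnection checks TCP only; DNS queries normally use UDP 53 as well.
    foreach ($port in 53, 88, 135, 389, 445) {
        $r = Test-NetConnection -ComputerName $RemoteDns[0] -Port $port -WarningAction SilentlyContinue
        '{0,-5} {1}' -f $port, $r.TcpTestSucceeded
    }
}
elseif (-not $viaLocal) {
    # Side A answers directly but side B's DNS cannot resolve the name:
    # the forwarder (or secondary zone) for domainA.local is missing or stale.
    $zone = Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue
    if ($zone) {
        "Existing zone '$RemoteDomain' is type $($zone.ZoneType); check its master servers."
    } else {
        Add-DnsServerConditionalForwarderZone -Name $RemoteDomain -MasterServers $RemoteDns -ReplicationScope Forest
        Clear-DnsServerCache -Force
    }
}
else {
    # DNS is healthy in this direction; test DC location and the trust's secure channel.
    nltest "/dsgetdc:$RemoteDomain"
    nltest "/sc_verify:$RemoteDomain"
}
```

Running the same script on side A with the domain name and DNS addresses swapped covers the other direction of the two-way trust.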
 

Author Comment

by:Castlewood
ID: 40595887
In side A's DNS servers I am able to add side B's DNS servers as the Secondary Zone. However, I am NOT able to do that in side B's DNS servers, since I cannot even see any of side A's DNS servers listed in the Browse list. I guess one of the two ways of the Trust is broken. The problem is, shall I fix the DNS before rebuilding the Trust, or the opposite? How?
In side B I can ping side A's servers/hosts without a problem, but just not side A's domain name, which is called domainA.local, which signals the Trust has become broken.
As for why I cannot ping domainA.local from side B (as mentioned, I can ping domainB.local from side A): that is where I really need help, as it won't get resolved at all. Do I need to manually add any records in DNS or WINS in order to make this ping work? Please help.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40596766
On the DNS servers in DomainA, did you add the DNS servers of DomainB to the Zone Transfers tab? You cannot add Secondary Zones if you do not have Zone Transfers enabled for the DNS server in the other domain.

Also, why are you only using a 1-way trust and not a 2-way? Are you trying to access resources in both domains?

Will.
0
 

Author Comment

by:Castlewood
ID: 40597117
Transfer in the tab has been enabled.
The Trust is a two-way. But one of them is broken. That is what I'm trying to figure out -- how to repair it?
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40598495
Take a look below at the link in regards to Forest Trusts.
https://technet.microsoft.com/en-us/library/cc780479%28v=ws.10%29.aspx

Will.
0
