Solved

Cannot ping mydomain.local from my other trusted side.

Posted on 2015-02-06
5
50 Views
Last Modified: 2015-02-09
I already cannot remember if it is caused by removal of WINS. Suddenly our two-way trust domains between two trees becomes broken. Well, as I can see from side A to side B seems still fine but from side B to side A is broken. As I can see, I from side B cannot ping side A's DomainA.local while I from side A can ping side B's DomainB.local. Question is, why from side B I cannot ping side A's DomainA.local? Is it a DNS issue ? or WINS issue? or others? Please help.
0
Comment
Question by:Castlewood
  • 3
  • 2
5 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Are you able to ping via IP to machines in the other domain You probably do not have the proper DNS Forwarders in place on your domain controllers pointing to the other domain. You need DNS servers from the other domain to be able to provide name resolution so what you need to do it add a Conditional forwarder in DNS for domain A to Domain B. In Domain B you will need Conditional forwarders to domain A.

When you query a machine from a forest that is not in your forest root domain it needs to query the other DNS servers in the other forest to get a reply back.

Another thing you can do is create a secondary zone for Domain A in Domain. You can then do the same for Domain B in Domain A. If you go this route you will need to add "Zone Transfers" for the other forest on each of the Zones you want to present as read only.

If you have all of this in place and it still doesn't work might be a firewall related issue.

Will.
0
 

Author Comment

by:Castlewood
Comment Utility
In side A's DNS servers I am able to add side B's DNS servers as the Secondary Zone. However I am NOT able to do that in side B's DNS severs since I even cannot see any side A's DNS servers listed in the Browse list. I guess one of the two ways of Trust is broken. The problem is, shall I fix the DNS before rebuilding the Trust or the opposite? How?
In side B I can ping side A's servers/hosts without a problem but just not the side A's domain name which is called domainA.local, which signals the Trust becomes broken.
As far as why I cannot ping domainA.local from side B? (As mentioned I can ping domainB.local from side A.) That I really need help as it won't get resolved at all.  Do I need to manually add any records in DNS or WINS in order to make this ping working? Please help.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
On the DNS servers in DomainA did you add the DNS servers of DomainB to the Zone Transfers Tab? You cannot add Secondary Zones if you do not have Zone Transfers enable for the DNS server in the other domain.

Also why are you only using a 1 way trust and not 2 way? Are you trying to access resources in both domains?

Will.
0
 

Author Comment

by:Castlewood
Comment Utility
Transfer in the tab has been enabled.
The Trust is a two-way. But one of them is broken. That is what I'm trying to figure out -- how to repair it?
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
Take a look below at the link in regards to Forest Trusts.
https://technet.microsoft.com/en-us/library/cc780479%28v=ws.10%29.aspx

Will.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now