Active Directory Trust Issue

Hello,

I have a two-way forest trust between two domains in my organization.

My organization's setup is as below:
Forest 1: 6 domain controllers. No firewall between these domains.
Forest 2: 6 domain controllers. Every two domains are in a separate location.

Forest2Domain01&02 are in a separate location with their clients, with a firewall between them and the other domains.
Forest2Domain03&04 are in a separate location with their clients, with a firewall between them and the other domains.
Forest2Domain05&06 are in a separate location with their clients, with a firewall between them and the other domains.

We have an issue with the last two domains, 05&06: we can't validate the trust with Forest1 ("RPC Services Unavailable"), and I can't add any user from Forest1 to any local admin group on clients belonging to domain05&06. This issue does not exist with the other four domains, where I can add and locate users from Forest1.

It was working before, but it stopped suddenly.

Regards,
LVL 2
fadyaz asked:

Will Szymkowski, Senior Solution Architect, commented:
If this was working, then the first things to check are the following...
- DNS configured correctly
- Event logs
- Services on the domain controllers started

Things do not just stop working. If they were working, then likely a service has stopped, something is blocking communication, or something is misconfigured.

Will.
0
fadyaz (Author) commented:
What DNS configuration do I have to check, and which services do I have to check also?

Regards,
0
Will Szymkowski, Senior Solution Architect, commented:
Check that the Active Directory Domain Services service and the Netlogon service are running. Check the Directory Service event logs on the DCs, as well as the Application log.

In addition, all three firewalls should have ports opened between those domains and the domains in Forest1.

Depending on what services you are using, you will need to have several ports open for Active Directory to work.

What I would suggest is, if you have any ports being blocked, open the VPN tunnel wide open and test it again; if it works, then you know it's blocked ports that are creating the issue.

If this is the case, start to scale back and only open the ports required on the firewall for AD to work properly. Below is a list of the ports required.

Active Directory Ports required for Domain/Forest Trusts
https://support.microsoft.com/en-us/kb/179442

Will.
0
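The checks Will lists across his two replies (services, DNS, event logs, and the trust ports from KB 179442) can be run from one script on the affected DC. The following is an added example, not code from the thread or from Microsoft; it assumes it is run in an elevated PowerShell session on a Forest2Domain05 or 06 domain controller with the ActiveDirectory and DnsClient modules available, and `forest1.example` is a placeholder for Forest 1's real DNS name.

```powershell
# Added example (not from the thread). Run elevated on a Forest 2 DC that fails trust validation.
$TrustedForest = 'forest1.example'   # placeholder: replace with Forest 1's DNS name

# --- 1. Services Will mentions (AD DS, Netlogon) plus DNS, RPC and the Kerberos KDC ---
Write-Host "`n== Services on $env:COMPUTERNAME =="
Get-Service -Name NTDS, Netlogon, DNS, RpcSs, Kdc |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# --- 2. DNS: can this DC find Forest 1's domain controllers via SRV records? ---
# If this fails, the trust cannot be validated no matter what the firewall allows;
# a conditional forwarder or stub zone for $TrustedForest is the usual fix.
Write-Host "`n== SRV lookup for $TrustedForest DCs =="
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TrustedForest" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$srv | Select-Object NameTarget, Port | Format-Table -AutoSize
$TrustedDc = ($srv | Select-Object -First 1).NameTarget

# --- 3. Firewall: TCP ports from KB 179442 that a forest trust needs, tested against one Forest 1 DC ---
# "RPC server unavailable" is typically 135 or the dynamic RPC range being blocked:
# the client reaches the endpoint mapper on 135, which hands back a high port
# (49152-65535 on Windows Server 2008 and later) that must also be reachable.
$Ports = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog SSL'
}
Write-Host "`n== Port reachability to $TrustedDc =="
foreach ($p in $Ports.Keys) {
    $r = Test-NetConnection -ComputerName $TrustedDc -Port $p -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    '{0,5}  {1,-26} {2}' -f $p, $Ports[$p], $state
}

# --- 4. Event logs: recent errors/warnings from Directory Service and from Netlogon in System ---
Write-Host "`n== Directory Service log (critical/error/warning) =="
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Level = 1, 2, 3 } -MaxEvents 25 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap

Write-Host "`n== Netlogon events in System log (error/warning) =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Level = 2, 3 } -MaxEvents 25 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap

# --- 5. The trust itself: what AD thinks it is, and whether the secure channel to it verifies ---
Write-Host "`n== Trust objects and secure-channel verification =="
Get-ADTrust -Filter * | Select-Object Name, Direction, TrustType, ForestTransitive | Format-Table -AutoSize
nltest /sc_verify:$TrustedForest
```

Read the output top to bottom in the order the script prints it: a stopped service or a failed SRV lookup explains the symptom on its own, so fix that before reading the port table. If DNS and services are fine and only the port table shows BLOCKED entries, that matches Will's suggestion to temporarily open the VPN tunnel, confirm the trust validates, and then close it back down to just the listed ports plus the dynamic RPC range.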
