I'm trying to create a two-way domain trust between two AD domains. The two networks are linked via VPN. Firewall is open.
Each domain has two DCs. One has 2008 R2 + 2016 with domain and forest functional level at 2008 R2.
The other has 2x 2016 with domain and forest functional level also at 2008 R2.
I have added DNS domains in reciprocal DNS first as a secondary domain, then as a conditional forwarding domain. I added both forward and reverse lookup. nslookup queries are answered fine. nslookup -q=ns domain2.local produces the expected results.
When I try to add the trust, the message says that the domain could not be found. This happens on the command line and in the wizard, on both ends the same way. There are no relevant events in the event log.
One of the two domains (the one with the 2008R2+2016 DC) already has a trust to another domain in place. I added that trust back in 2016 and it was a very simple process that succeeded on the first try.
What am I missing?