Re: can't make a trust

---

• From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
• Date: Thu, 28 Sep 2006 19:22:44 +0100

---

Hi
If you're trying Forest Trusts (only possible between W2k3 FFL), check DNS
configuration, generally conditional forwarding is a good option to use.
Understanding Trusts

http://technet2.microsoft.com/WindowsServer/en/library/0848f865-d078-423d-9036-aacb33fe93a51033.mspx?mfr=true

Creating Domain and Forest Trusts

http://technet2.microsoft.com/WindowsServer/en/library/f82e82fc-0700-4278-a166-4b8ab47b36db1033.mspx?mfr=true

Creating Forest Trusts

http://technet2.microsoft.com/WindowsServer/en/library/544d5801-205e-45b0-a1d7-cb9c39a7d7091033.mspx?mfr=true

How to Configure a Firewall for Domains and Trusts:

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q179/4/42.asp&NoWebContent=1


Use porqry to test the open ports:
support.microsoft.com/kb/310099/

--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator
"Michael" <Michael@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8F6BC349-C9E0-4F5B-B986-63210DDE25CF@xxxxxxxxxxxxxxxx

We are trying to make a 2-way trust between 2 domains in different forests
across a firewall

i think we have all the right ports open but when I try to make the trust
says it can't connect to the other domain. Ping works both ways and I
created a DNS entry for the server itself.

Any ideas as to what I am missing?

object-group service AD-services-udp udp
port-object eq 135
port-object eq netbios-ns
port-object eq netbios-dgm
port-object eq 445
port-object eq 389
port-object eq 88
port-object eq domain
port-object eq 139
port-object eq 636
port-object eq 3389

object-group service AD-services-tcp tcp
port-object eq 135
port-object eq 137
port-object eq netbios-ssn
port-object eq domain
port-object eq 88
port-object eq ldap
port-object eq ldaps
port-object eq 445
port-object eq 3389
port-object eq 3268
port-object eq 3269
port-object eq 49152
port-object eq 49153

.

---

• Follow-Ups:
  • Re: can't make a trust
    • From: Michael

• Prev by Date: Re: Domain Upgrade
• Next by Date: Re: Exceeded Tombstone Lifetime
• Previous by thread: Re: Installing selective programs with AD GPO or other
• Next by thread: Re: can't make a trust
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: cant make a trust ... Ok, external trust works with Wins, or DNS. ... If you want to use DNS you need secondary Zones in each end. ... If you're trying Forest Trusts, ... port-object eq netbios-ns ... (microsoft.public.windows.server.active_directory) Re: cant make a trust ... Is external trust or Forest Trust? ... Systems Administrator ... If you're trying Forest Trusts, ... port-object eq netbios-ns ... (microsoft.public.windows.server.active_directory) Re: cant make a trust ... How Dns is setup? ... If you're trying Forest Trusts, ... Understanding Trusts ... port-object eq netbios-ns ... (microsoft.public.windows.server.active_directory) Re: cant make a trust ... Is external trust or Forest Trust? ... Systems Administrator ... If you're trying Forest Trusts, ... port-object eq netbios-ns ... (microsoft.public.windows.server.active_directory) Re: cant make a trust ... How Dns is setup? ... If you're trying Forest Trusts, ... port-object eq netbios-ns ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)