Re: Trust between two Forests Fail
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Tue, 13 Feb 2007 17:17:57 -0600
"John Kolodziejski" <John Kolodziejski@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:85296541-7405-43AD-837F-25CD657B09E5@xxxxxxxxxxxxxxxx
I work for a company that has just been purchased by another company. As
per
Microsoft Technet "When to create a Forest Trust" a Forest trust fits
our
situation perfectly. We are attempting to create a Forest level-two-way
trust.
We have run the complete check list " Checklist: Creating a forest trust
".
Both companies are running only Windows 2003 Servers. Both Domain and
Forest
Functional Levels are set to the highest Level. Company A is running all
services under Windows Active Directory (DNS, WINS and so on), Company B
is
not running DNS under Windows Active Directory. They are using Linux.
While using non-Microsoft DNS is possible, the Microsoft DNS is almost
always superior to support AD domains and clients.
We have set up secondary zones in each DNS name space
Presumably you setup secondary DNS on each DNS server set for the OTHER
DNS (name tree). This is not however likely to be your problem unless they
have messed up the DYNAMIC DNS on their side.
.. and we have established Zone
transfers between our two DNS Servers. A DNS lookup does work for both
sides.
So everything for Forest B DNS can be found from Forest A DNS? And vice
versa?
When company A tries to complete a Forest Level Trust, the trust Wizard
works, and the trust is completed and shows on both active directories,
but
when a "Validate " is done on "Incoming" and "Out Going" we receive an
error.
"the Trust cannot be validated for the following reasons: The outgoing
trust
It seems that I MAY RECALL (very unconfirmed) that sometimes the "validate"
may be brokent with the trust working. Does it function? Is validate the
only
thing that gives errors?
was successfully validated. Secure channel (SC) reset on Domain Controller
\\x.companyBdomain.com of domain companyB.com to domain companyA.com
failed
with error. There are currently no logon servers available to service the
logon request.
Do all DCs in BOTH forests pass a complete "DCDiag /c" with NO FAIL or WARN
messages?
When company B tries to complete the trust wizard, they enter in our
company's domain name, and they get an error, "Domain not found".
You should carefully check the DNS resolution from that side to the other
resources.
We have search all over an only came up with a KB document that allies to
Windows NT 4 and earlier.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
.
- Follow-Ups:
- Re: Trust between two Forests Fail
- From: John Kolodziejski
- Re: Trust between two Forests Fail
- Prev by Date: Re: domain user login on domain server ?
- Next by Date: Re: 64-Bit Domain Controller and Global Catalog Server
- Previous by thread: Verifying Logon Server
- Next by thread: Re: Trust between two Forests Fail
- Index(es):
Relevant Pages
|
Loading
