Re: Win3k Forest Trusts



"DTM" <dan.moynihan@xxxxxxxxxxx> wrote in message...
We are trying to set up a trust between our DMZ and Internal network. The DMZ and Internal network are their own forests, both running Win3k with SP1 (firewall disabled). We have a firewall sitting between the two domains, and we opened the necessary ports between them according to this MS link (http://support.microsoft.com/kb/q179442/). We have successfully created a one-way trust between the two forests. We are able to validate the trust without any errors. The problem comes when we are on our DMZ SQL server and try to add a new login with an AD user in the other forest (Internal). Our Internal domain shows up in the drop-down menu, but when we try to add a user it says the domain is unavailable.
Maybe we have our trust set up incorrectly. Any ideas on what we could look at in our situation?

See also these two articles.

Network Address Translators (NATs) can block Netlogon traffic
http://support.microsoft.com/kb/172227/

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596/

--
Todd J Heron, MVP Windows Server - Networking
MCSE - Windows Server 2003/2000/NT; CCA

