Cannot establish trust relationship between 2 servers...

Ola

Hello all,

I have two Servers running active directory. One is
hosting exchange while the other is hosting files...

In trying to get on the internet, I am using the IP of the
first machine for DNS. It is pointing to itself and using
my ISP's DNS address in forwarders. I am also pointing all
the other PCs on the network to the local IP of the first
server for DNS. Should I be using the same IP address of
my first server for my second server for DNS as well or
should the second server point to itself?

I see the two domains when I look in Network Neighborhood,
and I can ping either machine, the router and the DNS
addresses on the router. Unfortunately, when I try to
establish a trust relationship between the two, I get the
error message that the other domain cannot be contacted.


My first problem is this

Server1 name gwic
domainname gwiconline.com

Server2 name forbes
domainname gwic.biz

When server1 boots up, it says duplicate name on network
and there is no other name that looks like gwic on this
network other than the domain name of server2. I cannot
seem to change the name because both are domain
controllers.

Can someone please tell me what I did wrong?
 
Stew Basterash

OK...

If you have two separate domains... each has its own DNS... correct... Each
needs to be able to see one another via TCP/IP... and each DNS server must
forward requests to the other... First make sure you can PING each server...
then add domain1 as a forwarder in domain2, and vice versa... This should
allow you to set up your trust...

As for forwarding to the internet that is another question and there are
security issues related to that... however... the way you have it should be
sufficient as long as you have the appropriate security measures in place...
 
Ola

My forwarders to the ISP's DNS servers are for the
Exchange Server, I thought that this was necessary.
Please correct me if I am wrong. I take it that the file
server can have its own IP as its own DNS and then use
the IP address of the second server as forwarder and vice
versa as you said, but add the ISP's DNS to the forwarders
in the Server with Exchange. Please correct me if I am
wrong.

Thanks

Ola
 
Ace Fekay [MVP]

Ola said:
My forwarders to the ISP's DNS servers are for the
Exchange Server, I thought that this was necessary.
Please correct me if I am wrong. I take it that the file
server can have its own IP as its own DNS and then use
the IP address of the second server as forwarder and vice
versa as you said, but add the ISP's DNS to the forwarders
in the Server with Exchange. Please correct me if I am
wrong.

Thanks

Ola

Forwarding is the recommended practice, so you're ok there, Ola.

As for the dupe names, does that server have multiple NICs in it? That is a
known issue with duplicate names. If it has multiple NICs, I would suggest
disabling NetBIOS on the one that is not on the internal domain subnet.

Also, thinking further, looking at your domain config:
Server1 name gwic
domainname gwiconline.com

Server2 name forbes
domainname gwic.biz

If the gwic.biz domain's NetBIOS domain name is GWIC, then that will
conflict with Server1's computer name. All computernames, workgroup names,
group names, user names and domain names must be unique in any Microsoft
network.

As for the trust between two different domains NOT in the same forest, and
if this is W2k, then the trust relies on NetBIOS resolution. The dupe name
issue can kill that. If the DCs are on different subnets, then we have to
give some sort of NetBIOS name resolution support, such as LMHOSTS or using
WINS (preferred). But I assume you are on the same subnet or already have
NetBIOS support since you are getting the dupe name error.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
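
The name conflict discussed in the reply above can be checked before promoting a domain controller. The following is an added example, not part of any poster's message: it assumes each domain kept the default NetBIOS name (the leftmost label of its DNS name), and the function names are hypothetical.

```python
from collections import defaultdict

# A NetBIOS name has 15 usable characters; the 16th byte is a type suffix.
NETBIOS_MAX = 15

def netbios_computer_name(hostname):
    """Name a host registers: first DNS label, upper-cased, cut to 15 chars."""
    return hostname.split(".")[0].upper()[:NETBIOS_MAX]

def default_netbios_domain(dns_domain):
    """Assumption: the domain kept the default NetBIOS name, which is the
    leftmost label of its DNS name. An administrator can choose another."""
    return dns_domain.split(".")[0].upper()[:NETBIOS_MAX]

def find_collisions(computers, domains, overrides=None):
    """Return {netbios_name: [(kind, original), ...]} for every NetBIOS name
    claimed by more than one computer or domain.

    overrides maps a DNS domain to its real NetBIOS name when it is known
    to differ from the default.
    """
    overrides = overrides or {}
    claims = defaultdict(list)
    for host in computers:
        claims[netbios_computer_name(host)].append(("computer", host))
    for dom in domains:
        name = overrides.get(dom, default_netbios_domain(dom)).upper()
        claims[name].append(("domain", dom))
    return {name: who for name, who in claims.items() if len(who) > 1}

# Names taken from the thread.
COMPUTERS = ["gwic", "forbes"]
DOMAINS = ["gwiconline.com", "gwic.biz"]

if __name__ == "__main__":
    for name, who in find_collisions(COMPUTERS, DOMAINS).items():
        print("NetBIOS name %s is claimed by: %s" % (name, who))
```

Truncation to 15 characters is included because two long host names that differ only after the 15th character register the same NetBIOS name.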
 
