Dns/Trust problem

Dave

I have two domain controllers: Server A = Dave.co.uk (192.168.1.1) and Server
B = Chris.co.uk (192.168.1.2), on the same subnet. On Server A, when I installed
DNS it created a forward lookup zone dave.co.uk and some subdirectories, i.e.
_msdcs, _sites, _tcp etc. I believe these subdirectories are AD info. The
same happened on Server B, but it created a forward lookup zone called
Chris.co.uk. I then added a new zone on Server A called Chris.co.uk and
added a host for the server called ServerB (192.168.1.2); there were no
subdirectories, i.e. _msdcs, _sites etc. I repeated this for Server B, creating
a new zone Dave.co.uk and host ServerA (192.168.1.1). I know this points to a
DNS problem, but I don't know what it is or why they cannot find each other.

This seems to work fine when I ping ServerB.dave.co.uk from Server A and
ping ServerB from ServerA. I get a reply and ping displays the correct IP.

My problem is when I come to make a trust so that Server B is the trusting
server. On Server B I go into AD Domains and Trusts, then Properties, then
Trusts. I add a trust to "domains trusted by this domain": trust domain =
Dave.co.uk, password Golf, and say OK. Then I get a message saying the domain
dave.co.uk cannot be contacted. The same happens on Server A. Can anybody
help?
 
Michael Snyder [MSFT]

Dave, check to make sure that the Service Locator Records are registered for
both of the domains. If you don't see SRV records under each of the domains
on your DNS server, enable unsecure dynamic update on your zones and reboot
your DCs.
 
Dave

Not quite sure what you mean. On Server A I have forward lookup zones, one
being the domain name of Server A, which has subdirectories _msdcs, _sites,
_Tcp and _udp, which again have subdirectories, and within the
subdirectories some SRV files are present. But the forward lookup zone for
Server B which I created does not have these subdirectories.

How do I enable dynamic update?
 
Kevin D. Goodknecht Sr. [MVP]

Dave said:
Not quite sure what you mean. On Server A I have forward lookup
zones, one being the domain name of Server A, which has subdirectories
_msdcs, _sites, _Tcp and _udp, which again have subdirectories, and
within the subdirectories some SRV files are present. But the
forward lookup zone for Server B which I created does not have these
subdirectories.

How do I enable dynamic update?

Use the DNS snap-in console: expand Forward Lookup Zones, then open the zone
you want to enable dynamic updates on, then either by right-clicking on the
open zone or using Action in the menu, select Properties. You will see "Allow
dynamic updates?" on the General tab; you can select "Yes" or "No". If the
zone is AD Integrated you also have the option of "Secure updates only",
which is the main advantage to having your DNS on a DC; only a DC can have an AD
Integrated zone in Win2k.
 
Dave

I have done this but still have the same problem. When I use nslookup on
Server A, i.e. nslookup, it tells me the correct info for IP address and name,
but when I type nslookup ls -d chris.com it says domain not found. If I use
the same command and type ls -d dave.co.uk it says domain not found. Any
help? The main problem is when I try creating a one-way trust, Server B the
trusting domain, it cannot find the domain.
 
Kevin D. Goodknecht Sr. [MVP]

Dave said:
I have done this but still have the same problem. When I use nslookup
on Server A, i.e. nslookup, it tells me the correct info for IP address
and name, but when I type nslookup ls -d chris.com it says domain not
found. If I use the same command and type ls -d dave.co.uk it says
domain not found. Any help? The main problem is when I try creating a
one-way trust, Server B the trusting domain, it cannot find the domain.

See my post in your other thread on this subject.

That being said, the ls -d command is actually a zone transfer; you will have
to allow zone transfers from the server nslookup is looking at to the
machine you are running the command on.
 
Michael Snyder [MSFT]

Instead of using nslookup here, try nltest /dsgetdc:<domain name>
If that succeeds, then your DNS records can be found.
If that fails, then you need to re-examine your DNS configuration.

When you create the trust, are you using the DNS name or the NetBIOS name
of the other domain?
--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.
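
The SRV and nltest checks suggested in this thread, run against both DNS servers, as an added example that is not part of any post: it asks each server for the DC locator SRV records of both domains using ordinary queries (no zone transfer needed), then runs nltest for each domain. It assumes a Windows version that has the Resolve-DnsName cmdlet (on older systems the equivalent query is nslookup -type=SRV); the server names, addresses and domains are the ones Dave gives.

```powershell
# Added example; names and addresses are taken from the thread.
$DnsServers = @{ 'ServerA' = '192.168.1.1'; 'ServerB' = '192.168.1.2' }
$Domains    = 'dave.co.uk', 'chris.co.uk'

# SRV owner names that Netlogon registers for a domain and that the
# DC locator looks up when a trust partner tries to find a DC.
$LocatorNames = '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs',
                '_ldap._tcp.pdc._msdcs', '_ldap._tcp'

function Test-DcLocatorRecords {
    param([string]$Domain, [string]$DnsServer)
    foreach ($prefix in $LocatorNames) {
        $name = "$prefix.$Domain"
        # Keep only SRV answers; additional A records are ignored.
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer `
                   -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            DnsServer = $DnsServer
            Record    = $name
            Found     = [bool]$srv
            Targets   = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    }
}

# Every domain is checked on every DNS server: a zone created by hand
# with only a host record will show Found = False for all four names.
$results = foreach ($server in $DnsServers.GetEnumerator()) {
    foreach ($domain in $Domains) {
        Test-DcLocatorRecords -Domain $domain -DnsServer $server.Value
    }
}
$results | Sort-Object DnsServer, Record | Format-Table -AutoSize

# The nltest check from the thread, run for both domains on this machine.
foreach ($domain in $Domains) {
    nltest "/dsgetdc:$domain" | Out-Null
    if ($LASTEXITCODE -eq 0) { "nltest located a DC for $domain" }
    else                     { "nltest could not locate a DC for $domain (exit code $LASTEXITCODE)" }
}
```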
 
