One-Way Trust Problem


Robert D. Vanderslice II

I have two AD forests with a one-way trust between them that validates as
good from both forests.

In the trusted forest I have a primary forward lookup entry in DNS with
zone transfers set to a secondary forward lookup DNS entry in the trusting
forest. I am able to pull DNS entries from the master.

I cannot ping in either direction due to ACL restrictions in the routers.

Users from the trusted forest can access previously assigned resources in
the trusting forest with no problem.

I cannot however assign new resources for users in the trusted forest. I
either get "Server is not operational" or "the trust relationship is not
working" error messages when I try and allocate additional resources. As
stated above, the trust has been verified from both forests as good.

Does anyone have any suggestions as to where I might start troubleshooting
this?

Thank you for your time!

Robert
 
Jody Flett [MSFT]

Hi Robert

Have you seen this article?
http://support.microsoft.com/default.aspx?scid=kb;en-us;306980 I think you
have probably got this covered but it is worth a check....

As you can use existing resources but not set up new resources and if you
are going through routers that have restrictions on them it could be that
there is a network issue, or maybe some ports are blocked that are needed?
Running a network trace at either end whilst attempting to create the
resource may show you if packets are going missing or not arriving at their
destination. Additionally ensure that routers are not dropping packets over
a certain size....
http://support.microsoft.com/default.aspx?scid=kb;en-us;179442
 
Robert D. Vanderslice II

Jody,

I want to thank you for your effort in replying.

The issue was resolved this afternoon.

It seems that the administrator of the trusted domain (native mode) had
applied a security policy that prevented anonymous logins. This is
required if you have a trust with a down-level domain, which the trusting
domain (mixed mode) is.

Most likely this occurred when he ran the Baseline Security Analyzer, as
this security policy is detected as a major vulnerability if it is not
applied.

Robert
 
