Hello Everyone,

I have gone through the step-by-step process of setting up a forest
trust between two AD Forests. I get this error when I try to validate
the trust:
The secure channel (SD) reset on domain controller \\ of
domain abc.dom to domain failed with error: There are
currently no logon servers available to service the logon request.

I get the same error for both outgoing and incoming trust validation.
Both forests (and all domains) are at Windows Server 2003 functional
Each forest has AD integrated zones. I have set up conditional
forwarding for name resolution. I can ping from a server in and vice-versa.
I can also go to \\ from a workstation in (after
inputting required credentials).

I have a VPN tunnel between both Forests as they are in different
physical sites.

Am I missing a prerequisite? I am not using WINS in either
I have also tried transferring the DNS zones to each respective
environment as a secondary zone, but the same issue exists.

If anyone has some advice, that would be greatly appreciated.

Thanks in advance.



Ryan Hanisco

Make sure you can find the SRV records in the DNS on the other domain
from the trusting domain. Ping the domain without a host as
If you do not resolve to a domain, then you are not resolving the
domains correctly.

If this isn't working for you, you can put domain records in LMHOSTS and
create the trusts with netdom -- make sure you are using the new 2003
version, even on 2000. Just note that you would create the trust with
the NetBIOS name. (Of course, you can use netdom to verify and create
trusts with FQDN... You should work through the DNS problems, but in a
pinch, this will work.)

Ryan Hanisco
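
The DNS checks suggested in the reply above, written out as a batch script. This is an added example, not part of the original thread. `LOCAL` and `REMOTE` are placeholder forest root domain names to replace with your own, and `nltest` and `netdom` are assumed to be installed (on Server 2003 they come with the Support Tools).

```bat
@echo off
rem Added example: run on a DC in one forest to confirm that the OTHER
rem forest's domain controller locator records resolve across the tunnel.
rem LOCAL and REMOTE are placeholders, not names from the thread.
setlocal
set LOCAL=local.example
set REMOTE=remote.example

rem SRV records the DC locator looks up when it needs a logon server.
rem If these do not resolve, "no logon servers available" is the expected result.
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs _ldap._tcp.gc._msdcs) do (
    rem nslookup's exit code is unreliable, so look for an SRV answer line instead.
    nslookup -type=SRV %%R.%REMOTE% 2>nul | findstr /i /c:"svr hostname" >nul
    if errorlevel 1 (echo MISSING  %%R.%REMOTE%) else (echo OK       %%R.%REMOTE%)
)

rem The reply's test: the bare domain name (no host part) should resolve
rem to the address of a domain controller in that domain.
ping -n 1 %REMOTE%

rem Ask the DC locator itself to find a DC in the remote domain,
rem bypassing any cached result.
nltest /dsgetdc:%REMOTE% /force

rem Once the records resolve, re-verify the trust from this side.
netdom trust %LOCAL% /domain:%REMOTE% /verify

endlocal
```

Run it from a domain controller in each forest in turn, swapping `LOCAL` and `REMOTE`, since both the outgoing and incoming validation failed.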

