Problem setting up Forest Trust - Win2003 Forests

[arrarte]

Hello Everyone,

I have gone through the step-by-step process of setting up a forest
trust between two AD Forests. I get this error when I try to validate
the trust:
The secure channel (SD) reset on domain controller \\server.abc.com of
domain abc.dom to domain xyz.com failed with error: There are
currently no logon servers available to service the logon request.

I get the same error for both outgoing and incoming trust validation.
Both forests (and all domains) are at Windows Server 2003 functional
level.
Each forest has AD integrated zones. I have set up conditional
forwarding for name resolution. I can ping abc.com from a server in
xyz.com and vice-versa.
I can also go to \\server.abc.com from a workstation in xyz.com (after
inputting required credentials).

I have a VPN tunnel between both Forests as they are in different
physical sites.

Am I missing a prerequisite? I am not using WINS in either
environment.
I have also tried transferring the DNS zones to each respective
environment as a secondary zone, but the same issue exists.

If anyone has some advice, that would be greatly appreciated.

Thanks in advance.

 

[Ryan Hanisco]

Make sure you can find the srv records in the DNS on the other domain
from the trusting domain. Ping the domain without a host as xyz.com.
If you do not resolve to a domain, then you are not resolving the
domains correctly.

If this isn't working for you, you can put domain records in LMhosts and
create the trusts with netdom -- make sure you are using the new 2003
version, even on 2000. Just note that you would create the trust with
the netbios name. (Of course, you can use netdom to verify and create
trusts with FQDN... You should work through the DNS problems, but in a
pinch, this will work.)

Ryan Hanisco