Trust Relationships

[LeeLee]

I'm trying to set up a trust relationship between our
domain (hai.com) and another domain (hai_ssgi.com), and
when trying to setup the trust I receive an error
message "The hai.com domain cannot be contacted. If this
domain is a windows domain, the trust cannot be set up
until the domain is contacted. Click cancel and try again
later. If this is an interoperable non-windows kerberos
realm and you want to set up this side of the trust. click
ok.

Now ... both domain are in a windows domain; however, I
can see hai_ssgi from our side (hai.com) but cannot see
hai through hai_ssgi. Although, I can ping hai.com
through hai_ssgi - I can't browse through network
neighborhood; I can tracert the name and IP address as
well as ping and it look fine. My only concern (or
problem) is that I can't browse the domain (contact it) to
set the trust.

Any assistance will be greatly appreciated, thanks in
advance.

LeeLee

 

[Herb Martin]

I'm trying to set up a trust relationship between our
domain (hai.com) and another domain (hai_ssgi.com), and
when trying to setup the trust I receive an error
message "The hai.com domain cannot be contacted. If this
domain is a windows domain, the trust cannot be set up
until the domain is contacted. Click cancel and try again

Usually this is a NetBIOS (missing WINS server) problem.

If you are own multiple subnets, you need to use WINS and
have ALL of the DCs (other machines too) become WINS
clients in their NIC IP (advanced) properties.

later. If this is an interoperable non-windows kerberos
realm and you want to set up this side of the trust. click
ok.

It might also be related to failure to resolve DNS but usually
it is NetBIOS.

 

[Jim Singh]

This sounds like a name resolution problem, apparently one of the domains
cant see the other one. What you can do is write an LMHOSTS file on the
server from which you are trying to setup trust. In the LMHOST file put the
FQDN of the target domain and the ipaddresses associated with it. Once this
is done, try to run the following command:
Nltest /get dc: domainname

where domain name is the target domain. This cmd will enumerate the target
dc list. Now, try to establish the trust. Another thing you can look into is
if you have rights into that domain and that domain doesnt have delegated
authority. Because if this is the case, you might have to establish the
trust by physically going to the target domain DC box and initiating it.

-Jim

 

[LeeLee]

A LMHosts has been created on both sides of the server,
and has been place in the correct location; before the
LMhost was created I was having problems with the zones
not being able to transfer data, and when creating the
LMHosts, which I'm not exactly sure if this fix my problem
but it work afterwards, my zones was able to transfer
there data. The problem still lies in browsing hai
network from hai_ssgi side of the domain. Again, I can do
everything from pinging and tracert do this domain just
not able to browse it.

And since it can't see the hai domain the trust will not
function properly. I have been up to my eyeballs with
this trying everything possible to fix the problem. I'm
assuming that maybe it's a browser issue, which is my next
step.

thanks

 

[Herb Martin]

there data. The problem still lies in browsing hai

network from hai_ssgi side of the domain. Again, I can do
everything from pinging and tracert do this domain just
not able to browse it.

WINS Server is a WHOLE lot easier.

With LMHOSTS files you must list every DC as both a
Machine and as a "DC", plus you must list the PDC/emulator
as the Domain Master browser, and then these files must
be distributed (and maintained) on every machine that MIGHT
need them.

Use WINS.