WAN Trusts

Craig Egge

Hello All,

We have two distinct AD sites connected via WAN. Each site can ping the
other and I can access data in each site by manually mapping a drive and
using a pre-ordained user account in each site.

We would like to configure a two-way trust between the sites but are not
having much success.

Hosts and LMHost files have been configured on each DC.
Each DC can ping the other.
If we initiate a VPN connection between the sites ( bypassing the WAN
connection ), we can configure the trust with no problems.
Once we disconnect the VPN and try to validate the trust, the error is 'the
domain controller cannot be contacted for domain xxxx...'
If we try to create the trust using the WAN connection, the error is 'this
is not a windows domain.....'

NetDiag and DCDiag do not provide any errors.

If anybody has any ideas, it would be appreciated.

Thanks.
 
Craig Egge

Thanks Paul,

I might try opening these to determine if there is an issue...however, we
have an MPLS connection via two Cisco routers ( direct WAN connection ) and
the Windows firewall is 'turned off' on each DC. A static route has been
created with the router as gateway on each end ( bypassing our ISA
servers ).

Paul Bergson said:
Sounds like there is a firewall blocking ports
http://support.microsoft.com/defaul...port/kb/articles/q179/4/42.asp&NoWebContent=1

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no
rights.
 
Paul Bergson

You could use portqry with the built-in queries for domains and see if there
is a port issue. Do it from DC to DC.

http://support.microsoft.com/default.aspx?kbid=832919

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


Craig Egge said:
Thanks Paul,

I might try opening these to determine if there is an issue...however, we
have an MPLS connection via two Cisco routers ( direct WAN connection )
and the Windows firewall is 'turned off' on each DC. A static route has
been created with the router as gateway on each end ( bypassing our ISA
servers ).
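
The DC-to-DC port check suggested above can also be scripted in PowerShell; this is an added example, not part of the original thread and not portqry itself. The host name `dc01.remote.example`, the function name `Test-TcpPort`, and the timeout are assumptions, and the list covers only the fixed TCP ports commonly required for domain trusts (UDP and the dynamic RPC range are not tested).

```powershell
# Added example: TCP reachability from this DC to the remote DC.
# $RemoteDc is a placeholder; replace it with the other site's DC.
param(
    [string]$RemoteDc  = 'dc01.remote.example',
    [int]   $TimeoutMs = 3000
)

# Fixed TCP ports commonly needed between DCs for a trust.
$ports = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 139;  Name = 'NetBIOS session' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB' }
    @{ Port = 636;  Name = 'LDAP over SSL' }
    @{ Port = 3268; Name = 'Global catalog' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout: packets were silently dropped,
        # which usually points to a filter (router ACL, firewall) in the path.
        if (-not $task.Wait($TimeoutMs)) { return 'FILTERED (timeout)' }
        return 'LISTENING'
    } catch {
        # A faulted task means an active refusal, an unreachable host,
        # or a name that did not resolve.
        return 'NOT LISTENING (refused or unreachable)'
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $ports) {
    [pscustomobject]@{
        Port    = $p.Port
        Service = $p.Name
        State   = Test-TcpPort -ComputerName $RemoteDc -Port $p.Port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table -AutoSize
```

Running it once over the WAN path and once with the VPN up, from each DC toward the other, shows which ports differ between the two routes.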
 