Windows 2000 trust issues


rdhouck

I have 2 2000 DC's on different subnets on which I am trying to create
a one way trust between the two but having a hell of a time.


I have wins running on both dc's. Both are set as client/servers.


I have also setup dns for both zones on each machine.


I can ping and resolve the DC's from both networks but still no luck.


I am receiving the following error:


The DomainName domain cannot be contacted. If this domain is a Windows
domain, the trust cannot be set up until the domain is contacted. Click
Cancel and try again later. If this is an interoperable non-Windows
Kerberos realm and you want to set up this side of the trust, click OK.



Any help is greatly appreciated.


Rich
 

Jorge Silva

Hi

answers in line
> I have also setup dns for both zones on each machine.

How do you exactly have the dns configured in EACH DOMAIN?
are you using for local domain - AD integrated
and for remote domain - secondary ?, Conditional Forwarding, stub zone?

Are the servers IPAddress dns configured to itself?

If you can please post here the results for IPconfig /all for each server.


This can be also a Ports FW problem check for ports needed in a trust here:
Domain and Forest Trust Tools and Settings
http://technet2.microsoft.com/WindowsServer/en/Library/108124dd-31b1-4c2c-9421-6adbc1ebceca1033.mspx


--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 

rdhouck

Hello Jorge, I'm still fighting this problem.

I have no routing between the 2 subnets. 10.1.1 and 192.168.1

Each machine has 2 ip's one on each subnet in order to contact each
other. Is there a way to do away with that?

Could this also be my problem? Or is that needed to establish the trust
then remove the second ip?

Rich
 

Jorge Silva

Hi
> I have no routing between the 2 subnets. 10.1.1 and 192.168.1

Are the servers connected to the same switch/Hub device?
If yes - Is it possible to have the same both servers under the same
Subnet/IpAddress?
> Each machine has 2 ip's one on each subnet in order to contact each
> other. Is there a way to do away with that?

Why? Only one DC needs to have 2 IP addresses to contact the other subnet.
DCs with multiple NICs are not recommended.
Check:
Active Directory communication fails on multihomed domain controllers

http://support.microsoft.com/?id=272294

Name resolution and connectivity issues on a Routing and Remote Access
Server that also runs DNS or WINS

http://support.microsoft.com/kb/292822

> Could this also be my problem? Or is that needed to establish the trust
> then remove the second ip?

If you remove the 2nd IPAddress the servers won't be able to contact each
other...!!!



--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 

rdhouck

Hello Again Jorge,

I have setup secondary zones for the second domain on each DC. I don't
believe stub zones are an option in 2000.

Look ups are working correctly from each domain to the secondary zone.


Shouldn't things just work after that? I can resolve\ping\browse the
other networks by mapping shares but still no luck on the trust.

On the 10 net I'm receiving the following error: The security database
on this server does not have a computer account for this workstation
trust relationship.

Here is the results of my ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : dc1
Primary DNS Suffix . . . . . . . : test.test.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : test.test.com
test2.test.com

Ethernet adapter 192.168.66.15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Gigabit Server Adapter #2
Physical Address. . . . . . . . . : 00-0B-CD-AF-76-8F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.25
Subnet Mask . . . . . . . . . . . : 255.0.0.0
IP Address. . . . . . . . . . . . : 192.168.66.15
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.70.1
DNS Servers . . . . . . . . . . . : 192.168.66.15
192.168.66.26
Primary WINS Server . . . . . . . : 192.168.66.25


Rich
 

Jorge Silva

Hi
> Here is the results of my ipconfig /all
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : dc1
> Primary DNS Suffix . . . . . . . : test.test.com
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : test.test.com
> test2.test.com
>
> Ethernet adapter 192.168.66.15:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Gigabit Server Adapter #2
> Physical Address. . . . . . . . . : 00-0B-CD-AF-76-8F
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.1.1.25
> Subnet Mask . . . . . . . . . . . : 255.0.0.0
> IP Address. . . . . . . . . . . . : 192.168.66.15
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
> Default Gateway . . . . . . . . . : 192.168.70.1
> DNS Servers . . . . . . . . . . . : 192.168.66.15
> 192.168.66.26
> Primary WINS Server . . . . . . . : 192.168.66.25

This DNS configuration is wrong...
Both DNS servers must point to itself in their NIC dns properties:

E.g - If the IPAddress is 10.1.1.25 then under my NIC properties on Dns
should be 10.1.1.25
If the IPAddress is 192.168.1.66.15 then under my NIC properties on Dns
should be 192.168.1.66.15

--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
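
Added example (not part of the original thread and not any poster's code): a small Python check over the adapter section of an `ipconfig /all` dump that reports the two conditions raised in the replies, addresses on more than one subnet and a preferred DNS server that is not one of the server's own addresses. The sample text is retyped from the post above; `parse_adapter` and `review` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: adapter section retyped from the ipconfig /all output in the thread.
SAMPLE = """\
Ethernet adapter 192.168.66.15:
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.1.1.25
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   IP Address. . . . . . . . . . . . : 192.168.66.15
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.168.70.1
   DNS Servers . . . . . . . . . . . : 192.168.66.15
                                       192.168.66.26
"""
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(\S*)\s*$")
BARE_IP = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_adapter(text):
    """Collect address/mask pairs, gateway and DNS servers from one adapter section."""
    info, last, ip = {"interfaces": [], "gateway": None, "dns": []}, None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.group(1), m.group(2)
            if last == "IP Address":
                ip = value
            elif last == "Subnet Mask" and ip:
                info["interfaces"].append(ipaddress.ip_interface(f"{ip}/{value}"))
            elif last == "Default Gateway" and value:
                info["gateway"] = ipaddress.ip_address(value)
            elif last == "DNS Servers" and value:
                info["dns"].append(ipaddress.ip_address(value))
        elif last == "DNS Servers" and BARE_IP.match(line):
            # Additional DNS servers appear on continuation lines with no label.
            info["dns"].append(ipaddress.ip_address(line.strip()))
    return info

def review(info):
    """Flag the conditions the replies ask about; hypothetical helper, not a Microsoft tool."""
    own = {i.ip for i in info["interfaces"]}
    nets = sorted({str(i.network) for i in info["interfaces"]})
    findings = []
    if len(nets) > 1:
        findings.append("multihomed: " + ", ".join(nets))
    if info["dns"] and info["dns"][0] not in own:
        findings.append(f"preferred DNS {info['dns'][0]} is not a local address")
    if info["gateway"] and not any(info["gateway"] in i.network for i in info["interfaces"]):
        findings.append(f"gateway {info['gateway']} is outside every local subnet")
    return findings

if __name__ == "__main__":
    print(review(parse_adapter(SAMPLE)))
```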
 

rdhouck

The machine I displayed the ipconfig for has 2 ip's. Its primary ip is
on the 192 net and secondary on the 10 net.

Preferred Dns is pointing to itself : 192.168.66.15

Secondary is pointing to the second dc in the domain. Or should this be
pointing to 10.1.1.1?


The machine on the 10 net :

Preferred Dns is pointing to itself 10.1.1.1

Secondary is pointing to the other dc 192.168.66.15

Is this not correct?
 

Rich

I've almost got it working, I setup wins to replicate between the
domain. This seems to have done it but I'm getting an RPC server is
unavailable on the 10 net.


Rich
 

Jorge Silva

Hi

Can you share what you did to make it work?


--
I hope that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 

Rich

From the Beginning:

Setup Secondary Dns Zones on each DC for the external Domain and allow
zone transfers.

From the tcp/ip /advanced/dns tab add in both Domain entries under
Append these dns suffixes. Check the box that says register these dns
suffixes.

Setup a wins Server on Both DC's. Point each wins server to itself in
tcp/ip advanced/wins connections tab.

Synchronize both wins servers.

Then run AD Domains and Trusts to create the trust.

That did it.

Rich
 