windows 2000 trust issues


R

rdhouck

I have 2 2000 DC's on different subnets on which I am trying to create
a one way trust between the two but having a hell of a time.


I have wins running on both dc's. Both are set as client/servers.


I have also setup dns for both zones on each machine.


I can ping and resolve the DC's from both networks but still no luck.


I am recieving the following error:


The DomainName domain cannot be contacted. If this domain is a Windows
domain, the trust cannot be set up until the domain is contacted. Click

Cancel and try again later. If this is an interoperable non-Windows
Kerberos realm and you want to set up this side of the trust, click OK.



Any help is greatly appreciated.


Rich
 
Ad

Advertisements

J

Jorge Silva

Hi

answers in line
I have also setup dns for both zones on each machine.

How do you exactly have the dns configured in EACH DOMAIN?
are you using for local domain - AD integrated
and for remote domain - secondary ?, Conditional Forwarding, stub zone?

Are the servers IPAddress dns configured to itself?

If you can please post here the results for IPconfig /all for each server.


This can be also a Ports FW problem check for ports needed in a trust here:
Domain and Forest Trust Tools and Settings
http://technet2.microsoft.com/WindowsServer/en/Library/108124dd-31b1-4c2c-9421-6adbc1ebceca1033.mspx


--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
R

rdhouck

Hello Jorge, im still fighting this problem.

I have no routing between the the 2 subnets. 10.1.1 and 192.168.1

Each machine has 2 ip's one on each subnet in order to contact each
other. Is there away to do away with that?

Could this also be my problem? Or is that needed to establish the trust
then remove the second ip?

Rich
 
J

Jorge Silva

Hi
I have no routing between the the 2 subnets. 10.1.1 and 192.168.1

Are the servers connected to the same switch/Hub device?
If yes - Is it possible to have the same both servers under the same
Subnet/IpAddress?
Each machine has 2 ip's one on each subnet in order to contact each
other. Is there away to do away with that?

Why? only one Dc need to have 2 IPAdress to contact the other subnet.
DCs with multiple NICs are not recomendable
Check:
Active Directory communication fails on multihomed domain controllers

http://support.microsoft.com/?id=272294

Name resolution and connectivity issues on a Routing and Remote Access
Server that also runs DNS or WINS

http://support.microsoft.com/kb/292822

Could this also be my problem? Or is that needed to establish the trust
then remove the second ip?

If you remove the 2nd IPAddress the servers won't be able to contact each
other...!!!



--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
R

rdhouck

Hello Again Jorge,

I have setup secondary zones for the second domain on each DC.I dont
belive stubzones are an option in 2000.

Look ups are working correctly from each domain to the secondary zone.


Shouldn't things just work after that? I can resolve\ping\browse the
other networks by mapping shares but still no luck on the trust.

On the 10 net im recieving the following error: The security database
on this server does not have a computer account for this workstation
trust relationship.

Here is the results of my ipconfig /all

indows 2000 IP Configuration

Host Name . . . . . . . . . . . . : dc1
Primary DNS Suffix . . . . . . . : test.test.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : test.test.com
test2.test.com

thernet adapter 192.168.66.15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Gigabit Server Adapter #2
Physical Address. . . . . . . . . : 00-0B-CD-AF-76-8F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.25
Subnet Mask . . . . . . . . . . . : 255.0.0.0
IP Address. . . . . . . . . . . . : 192.168.66.15
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.70.1
DNS Servers . . . . . . . . . . . : 192.168.66.15
192.168.66.26
Primary WINS Server . . . . . . . : 192.168.66.25


Rich
 
J

Jorge Silva

Hi
Here is the results of my ipconfig /all

indows 2000 IP Configuration

Host Name . . . . . . . . . . . . : dc1
Primary DNS Suffix . . . . . . . : test.test.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : test.test.com
test2.test.com

thernet adapter 192.168.66.15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Gigabit Server Adapter #2
Physical Address. . . . . . . . . : 00-0B-CD-AF-76-8F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.25
Subnet Mask . . . . . . . . . . . : 255.0.0.0
IP Address. . . . . . . . . . . . : 192.168.66.15
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.70.1
DNS Servers . . . . . . . . . . . : 192.168.66.15
192.168.66.26
Primary WINS Server . . . . . . . : 192.168.66.25

This DNS configuration is wrong...
Both DNS servers must point to itself in their NIC dns properties:

E.g - If the IPAddress is 10.1.1.25 then under my NIC properties on Dns
should be 10.1.1.25
If the IPAddress is 192.168.1.66.15 then under my NIC properties on Dns
should be 192.168.1.66.15

--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
Ad

Advertisements

R

rdhouck

The machine I displayed the ipconfig for has 2 ip's. Its primary ip is
on the 192 net and secondary on the 10 net.

Prefered Dns is pointing to itself : 192.168.66.15

Secondary is pointing to the second dc in the domain. Or should this be
pointing to 10.1.1.1?


The machine on the 10 net :

Prefered Dns is pointing to itself 10.1.1.1

Secondary is pointing to the other dc 192.168.66.15

is this not correct?
 
R

Rich

Ive almost got it working, I setup wins to replicate between the
domain. This seems to have done it but im getting an RPC server is
unavible on the 10 net.


Rich
 
J

Jorge Silva

Hi

Can you share what did you do to make it work?


--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator
 
Ad

Advertisements

R

Rich

From the Begining:

Setup Secondary Dns Zones on each DC for the exteral Domain and allow
zone transfers.

from the tcp/ip /advanced/dns tab add in both Domain entires under
Append these dns suffixes. check the box that says register these dns
suffixes.

Setup a wins Server on Both DC's. Point each wins server to it self in
tcp/ip advanced/wins connections tab.

Synchronize both wins servers.

Then run AD Domains and Trusts to create the trust.

That did it.

Rich
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top