I need help creating forest trusts

I'm hitting new heights! I got DomainB to trust DomainA (in both
windows ... trusting and trusted in AD Domains & Trusts on DomainB
PDC.)

However, when I go to DomainA and try to establish the two way trust
I get an error when I hit VERIFY:
-----------------------------------------
"Information from the PDC for DomainB cannot be obtained because: The
RPC server is unavailable.

Make sure that the PDC is operating properly and then try again."
-----------------------------------------

I also tried to set up a secondary DNS zone on both (read somewhere
that this will help speed up both sides, too.) I was able to set up
the secondary zone on DomainB (for DomainA) but when I tried to set up
the secondary DNS zone on DomainA for DomainB I get an error (big red
X) as follows:
-----------------------------------------
The DNS server encountered an error while attempting to load the zone.
The transfer of the data from the master server failed.

Please correct the problem then either press F5, or on the Action menu,
Click Refresh.
-----------------------------------------

Naturally there's a problem here somewhere but how can I tell? I checked
both PDCs and the RPC service is running on both servers. I ran
DCDiag /Fix and NetDiag /Fix on both servers and they're both fine.

What can I run to see why DNS won't transfer? Do you think this is the
same problem of the trusts?

-Fran-

Hi Fran,

Is there a firewall or something controlling traffic between the domains?

Ace
 
No, these DCs are behind the same firewall and they're on the same
subnet so all the traffic is unfiltered.
 
Is there a security policy defined on DomainA preventing communication?
(IPSec, or a stronger security policy?)

Ace
 
No, the only policies that are on DomainA are default policies. None
have been created (and this is a Windows 2000 server network.)
 
Any services turned off or disabled such as NetBIOS, or such?

Other than that, I can't think of anything else that would block NetBIOS
communication between the two domains especially if they are on the same
subnet. Maybe someone else can hopefully respond if I missed something.

Ace
 
You got me thinking to check the services. I looked at DNS on both
sides. On DomainB I was able to set up a secondary zone for DomainA
but on DomainA I could not set up a Secondary Zone for DomainB. I
delved into the DNS settings on DomainB and found that the security
had been set not to allow zone transfers. I unchecked that, went to
DomainA's DC and created a secondary zone for DomainB (finally) and
then when I tried to create a two way trust it was able to verify and
create it! FINALLY!

I really have to thank you for all your help, Ace! I don't think I
would have gotten this resolved without your assistance. Now I have to
get the Universal Group stuff down and start setting up membership
usage.

-Fran-
 
Wow, DNS did it? Hmm. NetBIOS is for external type trusts, but forest trusts
in Win2003 are DNS based.

Either way, I am really glad you finally got it working. No prob for the
help, I tried my best, and whether I actually came up with the solution or
not, I am glad you did.

:-)

Ace
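
Added example, not part of the original thread: one way to answer "What can I run to see why DNS won't transfer?" is to request the zone over TCP port 53 from the machine that will host the secondary zone and read the master's response code. The server address and zone name below are placeholders, and the function names are this example's own.

```python
import socket
import struct

AXFR, CLASS_IN, REFUSED = 252, 1, 5

def build_axfr_query(zone, txid=0x4158):
    """Return a DNS-over-TCP AXFR query for `zone`, with its 2-byte length prefix."""
    parts = zone.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)  # standard query, one question
    msg = header + qname + struct.pack(">HH", AXFR, CLASS_IN)
    return struct.pack(">H", len(msg)) + msg

def classify_reply(msg):
    """Classify the first reply message (length prefix already stripped)."""
    if len(msg) < 12:
        return "malformed reply"
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "transfer allowed"
    if rcode == REFUSED:
        return "transfer refused"
    return "transfer failed (rcode %d)" % rcode

def recv_exact(sock, n):
    """Read exactly n bytes or raise if the server closes the connection first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before a full reply arrived")
        buf += chunk
    return buf

def check_zone_transfer(master_ip, zone, timeout=5.0):
    """Ask `master_ip` for an AXFR of `zone` from this host and report the outcome."""
    try:
        with socket.create_connection((master_ip, 53), timeout=timeout) as s:
            s.sendall(build_axfr_query(zone))
            (length,) = struct.unpack(">H", recv_exact(s, 2))
            return classify_reply(recv_exact(s, length))
    except OSError as exc:
        return "no usable reply on TCP/53: %s" % exc

if __name__ == "__main__":
    # Placeholder values: substitute DomainB's DNS server address and zone name.
    print(check_zone_transfer("192.0.2.10", "domainb.example"))
```

Run from DomainA's DNS server, "transfer refused" or a closed connection points at the master's zone transfer setting rather than at RPC or the network. Run from a host that is not meant to be a secondary, "transfer allowed" means the zone is being handed to any requester, which is worth narrowing to the intended secondary servers.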
 