Problem establishing 2 way trust on Windows 2003 Domain Controller

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am trying to establish a 2 way trust between 2 domains on 2 different
subnets. They are both Windows 2003. I am able to ping domain controller B
from Domain A and vice versa using IP and NetBios. I am even able to RDP to
domain B, which is the new domain, from domain A. However, when I try to
browse domain B from any computer in domain A in My Nework Places, I get an
error saying:

DomainA is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out if
you have access permissions. The device is not connected.

When I try to validate the trust, I get the following error:

The Outgoing Trust was successfully validated.
The Secure Channel (SC) on domain controller \\DomainControllerA of Domain A
to Domain B failed with error. There are currently no logon servers
available to service logon request. Resetting the trust passwords might
resolve the problem.

I chose the option to reset the trust passwords, and that did not resolve
the problem.

Please help.
 
sound like name resolution and master browser issue. Do you have WINS server? or use browstat.exe to check the master browser status.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
I am trying to establish a 2 way trust between 2 domains on 2 different
subnets. They are both Windows 2003. I am able to ping domain controller B
from Domain A and vice versa using IP and NetBios. I am even able to RDP to
domain B, which is the new domain, from domain A. However, when I try to
browse domain B from any computer in domain A in My Nework Places, I get an
error saying:

DomainA is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out if
you have access permissions. The device is not connected.

When I try to validate the trust, I get the following error:

The Outgoing Trust was successfully validated.
The Secure Channel (SC) on domain controller \\DomainControllerA of Domain A
to Domain B failed with error. There are currently no logon servers
available to service logon request. Resetting the trust passwords might
resolve the problem.

I chose the option to reset the trust passwords, and that did not resolve
the problem.

Please help.
 
I agree with Robert. If the DCs are on routed subnets you'd need WINS for
netbios resolution, but of course W2K3 does not want WINS, but DNS. can you
ping by fqdn? There are a couple of options. You could create a secondary
zone to the other domain on each domain's DNS server, or you could forward
each to the other's.

....kurt
 
I installed WINS on both DCs and am able to do netbios resolution. I also
created lmhost files on both DCs. I setup DNS forwarding. I can ping the
fqdn of Domain A from Domain B. However, I am not able to ping the fqdn for
Domain B from Domain A. I can only ping the netbios name of the DC on
Domain B from domain A. Whats going on?
 
However, I am not able to ping the fqdn for
Domain B from Domain A. I can only ping the netbios name of the DC on
Domain B from domain A. Whats going on?
Click to expand...

DNS resoluton is not happening. Try creating scondary zones. Then you can
verify that zone transfers are occurring. Once you get successful zone
transfers your trusts will happen. Also, unless you have manually added the
dns suffix for the other domain, you'll need to refer to anything in the
other domain using it's fqdn. You will not be able to establish a trust
without DNS properly working.

....kurt
 
Back
Top