Trust Relationships

  • Thread starter Thread starter LeeLee
  • Start date Start date
L

LeeLee

I'm trying to setup a trust relationship between our
system and another system that is in our forest but on a
separate domain, and when trying trying to setup the trust
I'm receiving an error message saying "domain cannot be
contacted." However, I can ping the site and trace route
it but still get no connection when trying to setup the
trust relationships. Any ideas??
 
I assume you are talking about a downlevel trust to a NT4.0 domain as all
W2K domains in a forest already have a transitive trust set up. Usually the
problem to a downlevel domain is that there needs to be netbios name
resolution to establish the trust and the best way is to make the wins
servers in each domain replication partners with each other and make sure
domain controllers in both domains are wins clients also to the wins server
in their domain. You also could use a lmhosts file to establish the needed
netbios name resolution so each domain can find the pdc in the other domain
as described below. If you use a lmhosts file and it is correct, nbtstat -c
should show an entry in it's cache after a nbtstat -R or reboot. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;180094
http://support.microsoft.com/default.aspx?scid=kb;en-us;262655
 
Hi

Maybe this will help:

Reference Link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;312003&Product=win20
00

Unable to Establish an Explicit Trust Between Windows 2000-Based Domains

SYMPTOMS
========
When you attempt to establish an explicit trust between two Windows
2000-based domains that are in different forests, you may receive the
following error message:

The DomainName domain cannot be contacted. If this domain is a Windows
domain, the trust cannot be set up until the domain is contacted. Click
Cancel and try again later. If this is an interoperable non-Windows
Kerberos realm and you want to set up this side of the trust, click OK.

CAUSE
=====
This issue can occur if the domain controller where the trust is being
configured cannot resolve the IP address of the primary domain controller
(PDC) in the other domain.

RESOLUTION
==========
To resolve this issue, make sure that Windows Internet Name Service (WINS),
Domain Name System (DNS), or the LMHOSTS file is configured correctly to
locate the PDC, and that TCP/IP is configured correctly on all of the
domain controllers that are involved.

MORE INFORMATION
================
For additional information about DNS, click the article numbers below to
view the articles in the Microsoft Knowledge Base:

291382 Frequently Asked Questions About Windows 2000 DNS
237675 Setting Up the Domain Name System for Active Directory

For additional information about the LMHOSTS file, click the article
numbers below to view the articles in the Microsoft Knowledge Base:

101927 The Lmhosts File for TCP/IP in Windows
180094 How to Write an LMHOSTS File for Domain Validation

For more information about WINS, type WINS on the Search tab in Windows
2000 Help, and then click the appropriate topic.


For more information about configuring TCP/IP, type TCP/IP on the Search
tab in Windows 2000 Help, click Configure TCP/IP, and then click the
appropriate topic.

The information in this article applies to:
o Microsoft Windows 2000 Server


Shilpa Sinha
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top