No announcement yet.

Creating new forest, now need to create trust

  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating new forest, now need to create trust

    Hi all,
    I am in a bind here, and i am turning to the all knowing group that IS the Petri Forums group!!

    We currently have one Active Directory forest, has been around since our company was founded 5 years ago ( We were recently purchased, and now we are starting the process of migrating the three companies that were brought together into one new Active Directory forest (

    I have create the new Active Directory forest ( and now I am trying to setup the trust between the original forest (XYZ) and the new forest (123).

    On the DC in the new forest I run through the wizard to create the trust, and it looks like it works (i tell it to establish on both sides and the new forest appears in the old forest as an established trust) the problem comes when i try and run the validate procedure on the trust, it says that there are no logon servers available to complete the process.

    These two Forests are on 2 different subnets (10.100.50.XXX and 10.100.70.XXX). In the old domain controller, when i try and validate the trust, i see the connection attempt, it shows up as a failure in the security audit log.
    Logon Failure:
     	Reason:		An error occurred during logon
     	User Name:	Administrator
     	Domain:		SSV
     	Logon Type:	3
     	Logon Process:	NtLmSsp 
     	Authentication Package:	NTLM
     	Workstation Name:	SSV-DC01
     	Status code:	0xC000005E
     	Substatus code:	0x0
     	Caller User Name:	-
     	Caller Domain:	-
     	Caller Logon ID:	-
     	Caller Process ID:	-
     	Transited Services:	-
     	Source Network Address:
     	Source Port:	0
    I have tried searching for the event ID 537, and it gives me a bunch of crap about XP, nothing about 2003 to 2003 trusts.

    Can anyone assist me with this?

    Thanks much


    Oh, i forgot something else. When i try and create the trust from the old forest, it is unable to complete. It says it cannot see the new forest.

    I hope this helps!!

    Last edited by apperrault; 6th June 2007, 23:36. Reason: forgot a bit of info

  • #2
    Re: Creating new forest, now need to create trust

    Do you have proper DNS name resolution set up for the environment? Since you're splicing a few separate environments together, you may need to set up conditional forwarding on your DNS servers. That's fairly standard in this type of situation.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+ - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.