Announcement

Collapse
No announcement yet.

Can not create external Trust---Please help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can not create external Trust---Please help

    Hello All,

    I am seeking help regarding trust relation in two domains. This is my first thread in Petri. Hope, I will get help from anybody out there. Let me explain my senario.

    I got two domain controller, one win2k3 X64 and win2k3 x86. Letís say dc1.xx.com and dc2.yy.com. I had additional domain controller say dc3.yy.com. dc3 got two FSMO roles and dc2 got another three FSMO roles. Both domians was working fine and had trust relation that was working fine.
    But something weird happen in dc3 so itís AD stopped functioning. I successfully transfer two roles to dc2, clean meta data and demod dc3. I installed win2k3 x64 and promote again successfully as dc3.yy.com and as additional domain.

    Now trust between xx.com and yy.com broken. I can ping IP of each other from both domain controller. I can resolve name xx.com from yy.com but I can not resolve name from xx.com to yy.com. But I checked host name and dns record in both domain controllers. It seems ok.

    When I try to create trust relation from xx.com it says ďThe new trust wizard can not continue because specified domian can not be contacted"

    Please someone help me.

    Raihan

  • #2
    Re: Can not create external Trust---Please help

    lets start .

    make sure all the FSMO roles are sucessfully transfered in dc2yy.com

    can you please send the screen shot of the both DNS records from both the servers dc1 and dc2
    and also the ipconfig /all from both the domains
    ________
    Hashish
    Last edited by vsharma; 10th April 2011, 06:35.

    Comment


    • #3
      Re: Can not create external Trust---Please help

      Sorry, I had long weekend. I couldnít response from my work. I checked FSMO roles, its working fine. In my previous posting, I name those servers as example But now I posting real domain, name and IP from my work. I got two domain bcc.wa.edu.au and ballajurcc.internal

      drwho.bcc.wa.edu.au 10.143.8.7
      ballajurccs1.ballajurcc.internal 10.142.8.11

      FSMO Roles for bcc.wa.edu.au
      Schema, Domain and RID---- drwho.bcc.wa.edu.au
      PDC---- bill.bcc.wa.edu.au 10.143.8.20
      Infrastrusture blackboard.bcc.wa.edu.au 10.143.8.9

      FSMO roles for ballajurcc.internal
      Schema,Domain,RID,PDC and infrastructre --
      ballajurccs1.ballajurcc.internal 10.142.8.11

      Please find the attachment for details.

      Thanks in advance, Raihan


      Attached Files

      Comment


      • #4
        Re: Can not create external Trust---Please help

        hi ,

        Can you please let me know you are unable to resolve the name from which server.
        And had you tried dcdiag and netdiag and dnslint command on both the server
        if no then please run these cmmands and check the results

        Meanwhile i am looking into this

        One more thing when u had transfer the roles .after getting down the dc3.yy.com or before this ...........bcz in first msg u wrote DC stop wrking and you transfer the roles
        which is not possible.....



        Thanx
        Vijay
        ________
        Medical Cannabis
        Last edited by vsharma; 10th April 2011, 06:35.

        Comment


        • #5
          Re: Can not create external Trust---Please help

          Hi Vijay,

          one of my additional domain controller was stopped. I got 5 DC. AD was working and replicating with other. Dcpromo didnít work to do a demotion. So, I boot that DC in safe mood with networking and transfer two roles from that server successfully. FSMO is working fine now. I promote that server again and working fine.

          Bcc.wa.edu.au can resolve name and IP of ballajurcc.internal but balljurcc.internal canít resolve name and can ping IP. Netdiag /test:dns and dcdiag shows ok in both server. But netdiag /test:trust fails in both server. Nslookup works fine drwho.bcc.wa.edu.au but it doesnít work in ballajurccs1.ballajurcc.internal

          Regards,
          Raihan

          Comment


          • #6
            Re: Can not create external Trust---Please help

            Hi Vijay,

            Is it necessary to do dns forwarding to configure trust?

            regards,
            Raihan

            Comment


            • #7
              Re: Can not create external Trust---Please help

              There are two ways either by DNS forwarding or by simply entering the
              DNS server address of another server in the current server's TCP/Ip setting.

              which one you are using ?
              Can you please verify that balljurcc.internal server has the Alternate DNS as the DNS of Bcc.wa.edu.au .

              or if it is possible please send me the TCP/IP page screen-shot to me of both DC.

              Thanx
              Vijay

              ________
              Multiple Sclerosis Advice
              Last edited by vsharma; 10th April 2011, 06:35.

              Comment


              • #8
                Re: Can not create external Trust---Please help

                Hi Vijay,

                Ballajurcc does not have alternative DNS server. This is only one server. Please find the enclosed for ipconfig /all

                Regards,
                Raihan
                Attached Files

                Comment


                • #9
                  Re: Can not create external Trust---Please help

                  Hi Raihan,

                  Do one thing just configure Alternate DNS server on both servers

                  On Ballajurcc (10.142.8.11) primary DNS 10.142.8.11
                  Alternate DNS 10.143.8.7


                  On Bcc.wa.edu.au (10.143.8.7) Primary DNS 10.143.8.7
                  Alternate DNS 10.142.8.11

                  Please configure the above setting in the Tcp/IP setting of both the servers.

                  after that try to resolve domain name from both servers.

                  if both will resolve each other then you can go ahead for external trust.

                  Please let me know if any issue comes.
                  Thanx
                  Vijay

                  ________
                  OPEL STRAIGHT-6 ENGINE
                  Last edited by vsharma; 10th April 2011, 06:35.

                  Comment


                  • #10
                    Re: Can not create external Trust---Please help

                    Are you using Wins in your Environment also.?
                    ________
                    Fetish tubes
                    Last edited by vsharma; 10th April 2011, 06:35.

                    Comment


                    • #11
                      Re: Can not create external Trust---Please help

                      Hi Vijay,

                      As I said, it is a weird trouble. I used alternative dns in both server. but no luck. I have wins server also. that working fine.

                      Regards,
                      Raihan

                      Comment


                      • #12
                        Re: Can not create external Trust---Please help

                        i would suggest you to just install wireshark on both the DC and check whenever you send piing request to IP or resolve domain name where the request goes.
                        That will give you better idea to catch the issue.

                        you please also try with forwarding on both the DC. that may help you.

                        Meanwhile i am also thinking about the same .


                        Regards.
                        Vijay
                        ________
                        Weed vaporizers
                        Last edited by vsharma; 10th April 2011, 06:35.

                        Comment


                        • #13
                          Re: Can not create external Trust---Please help

                          Hi Vijay,
                          I successfully created external trust. Thanks.
                          Raihan

                          Comment

                          Working...
                          X