No announcement yet.

Child Domain having problem. Help!

  • Filter
  • Time
  • Show
Clear All
new posts

  • Child Domain having problem. Help!

    Hi all, been meaning to put this on a post for few days but was busy doing research on the problem first.

    Before I put my question i would like to give some details of the setup.

    Domain is setup like below

    Both child domain has their own dns and dns forwarders are pointing to root dns server. These servers are running windows 2003 r2.

    Everything was working fine until last week. When we couldnt few details of users on exchange 2007 servers. After trying to look for the problem we found that exchange server couldnt connect to domain controller in child1.

    Now the problem is child1 can go through Active Directory of other servers i.e root and child2. But when we try to do the same from root or child2 we get "Access Denied". This was working before and has to do something with Trust. I have ran countless diag tools (dcdiag / netdiag even with fix) most of the post is indicating that it is something to do with DNS problem probably a missing SRV records.

    One of the post asked to check if you can browse the server by UNC. I can do that for child1 in question with computer name but not with domain name. i.e if my child1 dc name is i can open \\ but when i try to use the child domain name i get access denied from root and child2 i.e. \\ .

    I have valided the trust between child and root couple of times which validates without any errors. Someone suggested to remove the trust and re-create the trust between root and child1 which i want to do but the option to do that is gray'd out...

    I am really stuck with this problem and would really appreciate any help and will bowdown for anyone who fix this issue

    Thanks in advance.


  • #2
    Re: Child Domain having problem. Help!

    I ran the following test as suggested by one of the posts on the root and child1. Child1 said it passed every test. However, when i ran the same thing on root server it gave the following error. Hopefully this will help in troubleshooting this error.

    DCDIAG /test:CheckSecurityError

    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: Default-First-Site-Name\Root
    Starting test: Connectivity
    ......................... Root passed test Connectivity
    Doing primary tests
    Testing server: Default-First-Site-Name\Root
    Starting test: CheckSecurityError
    Source DC Child1 has possible security error (5). Diagnosing...
    Time skew error between client and 1 DCs! ERROR_ACCESS_DENIED or
    down machine recieved by:
    ......................... Root failed test CheckSecurityError
    Running partition tests on : ForestDnsZones
    Running partition tests on : DomainDnsZones
    Running partition tests on : Schema
    Running partition tests on : Configuration
    Running partition tests on : Root
    Running enterprise tests on :


    • #3
      Re: Child Domain having problem. Help!

      Alright just to answer myself for the 3rd time and to probably help someone else who is facing the same problem and want to know the fix for the annoying issue.

      I suspected that it was the trust relationship between the Root and the Child domain but there was not way to remove the default trust from M$ Domains and Trust interface. From Domain and Trust we could validate it without any problems from both Child & Root.

      Anyways in the end we did the following by going into Active Directory Users & Computers go in View select Advance Features... go to Systems and select the root domain whichever it is for you and delete (its an object without icon and in Type it shows (Trusted Domain). You have to repeat this process (Delete Trust) on both root and child.

      Once that is done go to Active Directory Domains and Trusts and right click (properties) on the domain you want to recreate the trust on and create one by following the step by step wizard.

      Hopefully this would help someone someday maybe years from now.

      P.S: Things this fix did was (replication problem.. UNC path to domain \\ was giving Access Denied .. and Exchange 2007 was giving error that it could not find domain controll in the child and we could not modify users or remove/disable/delete them. We were in a big mess.

      And as promised i will bowdown to myself ahahaha
      Last edited by ijaved; 5th December 2009, 14:58.


      • #4
        Re: Child Domain having problem. Help!

        Looks like problem is with the communication which could be due to lots of reason, like broken secure channel, DNS etc.
        Please gather the DCDIAG report for all the three domain controllers in all three sites.
        run DCDIAG /V and save it to a text file (or pipe it) and attach the same here.
        This will give us a better understanding of the issue.

        Pledge Technologies
        Last edited by Wired; 6th December 2009, 00:00.
        Best Regards,
        Pledge Technologies


        • #5
          Re: Child Domain having problem. Help!

          Hey Pledge, actually we have fixed the problem after 3 painful weeks of troublshooting. I probably have read 100's of posts on the problems.

          I have deleted the logs atleast from my computer but might have them on the server. I will try to post them up here just for reference for someone else who has the problem.

          It was broken Trust between Root & Child domain which we created manually. However, took us long to figure that out since it was validating the trust without any errors. We deleted the trust and recreated it just to make sure which helped.




          • #6
            Re: Child Domain having problem. Help!

            You are great..

            Steps pls.

            Would helpful to everybody...


            • #7
              Re: Child Domain having problem. Help!

              Check these links, will give you the complete information on how to setup trust.



              1st article applies to both 2K and 2K3!!

              Pledge Technologies.
              Best Regards,
              Pledge Technologies