Announcement

Collapse
No announcement yet.

Trusted Domains 2008 cannot share with 2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trusted Domains 2008 cannot share with 2003

    Hi,

    I have a two-side trust relation between windows 2008 R2 and windows 2003.

    I have share file/folders from 2003 server domain with 2008 server domain; but cannot do vice versa.

    In windows 2008 when i do validate SID, Its asking to reset password.

    How can i fix the sharing issue between 2008 and 2003.

    Thanks

  • #2
    Re: Trusted Domains 2008 cannot share with 2003

    Originally posted by wrathyimp View Post
    In windows 2008 when i do validate SID, Its asking to reset password.
    Can you please explain this in greater detail? Who, when, where, what? Screenshots would be good too.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Trusted Domains 2008 cannot share with 2003

      OK,

      I have domainA = windows 2003 SP2
      domainB= windows 2008 R2

      Have two-way trust relation.

      Can share file folder on domainA with users from domainB.
      Cannot find users from domainA when sharing file/folders on domainB server.

      When i validate the trust from domainA, it asks for authentication credentials of domainb for incoming trust, and gives warning to reset the trust password for domainB to domainA (as attached screenshot1-domainA trust).

      When validating the trust from domainB, its give the error" windows cannot find active directory domain controller for the domainA" (as attached screenshot2-domainB trust).

      Hope this can give a clear picture of my issue.

      Thanks
      Attached Files

      Comment


      • #4
        Re: Trusted Domains 2008 cannot share with 2003

        Sounds like a DNS issue. Is domain A able to resolve domain B DNS and vice versa?

        Does the DNS servers for each domain have conditional forwarders setup for the other domain?
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Trusted Domains 2008 cannot share with 2003

          On doing nltest on DomainB, i get the following result:

          C:\>nltest /dsgetdc:domainA
          Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

          Comment


          • #6
            Re: Trusted Domains 2008 cannot share with 2003

            I dont see any of the domains listed in the DNS mmc. How can add the conditional forwarders?

            Comment


            • #7
              Re: Trusted Domains 2008 cannot share with 2003

              Both Domains are on the same LAN network, within the firewall.

              Comment


              • #8
                Re: Trusted Domains 2008 cannot share with 2003

                Originally posted by wrathyimp View Post
                On doing nltest on DomainB, i get the following result:

                C:\>nltest /dsgetdc:domainA
                Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
                Can you run nltest using the FQDN of domainA? (e.g. domaina.local)

                Also use nslookup and check to see if the domains resolve by their FQDN.

                Originally posted by wrathyimp View Post
                I dont see any of the domains listed in the DNS mmc. How can add the conditional forwarders?
                Windows 2008 and newer:
                - Open the DNS mmc
                - expand your server
                - then right-click the conditional forwarders container and select New Conditional Forwarder and go through the wizard

                Windows 2003:
                - Open the DNS mmc
                - right-click your server and select properties
                - click the forwarders tab
                - click the New button
                - type in the name of the other domain and click OK
                - highlight the domain name for the other domain and then add the DNS server IP address for the other domain
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: Trusted Domains 2008 cannot share with 2003

                  Thanks Jeremy,

                  I could successfully added domainA users to permissions under the sharing properties.

                  But now the users in domainA cannot find or access the shared folders of domainB.local. Its giving error:
                  \\srv.domainB.local\folder
                  An extended error has occurred.
                  And if try to connect to the server \\srv.domainB.local is not acccessible, you donot have permission. user name not found.

                  So now where should i fix this one.

                  Comment


                  • #10
                    Re: Trusted Domains 2008 cannot share with 2003

                    can you verify that each domain is successfully resolving the other domain?

                    If you have multiple DNS servers, make sure each one can resolve both domains. (you can use nslookup to verify the resolution)

                    Once we have verified both domains can successfully resolve the other then we need to make sure permissions are set correctly. In the outgoing trust properties make sure forest-wide authentication is selected on both sides of the trust or if you need to use selective authentication make sure you've selected all the users that will need to access resources on the domain. Do this on both sides of the trust. (note: if you have complete control of both domains then I would select forest-wide authentication)

                    Finally check the permissions on the objects you're trying to access.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Re: Trusted Domains 2008 cannot share with 2003

                      nslookup is successfully resolving the other domain, both sides.

                      I have read in forums about have to add everyone in the permission, in order to share the folder.

                      But I dont need every one to have any sort of access to the shared folder, except for the respective users responsible for the files.

                      Thanks

                      Comment

                      Working...
                      X