Creating a forest trust

  • Creating a forest trust

    I am getting the error "The New Trust Wizard cannot continue because the specified domain cannot be contacted" when trying to create a forest trust between separate locations. These servers are in separate domains and locations, connected via SonicWall site-to-site VPNs.

    I have created the secondary DNS zones and can ping and nslookup without problem.

    My understanding is that I need to add a SRV record:

    DNS Resource Records That Are Required for Secondary Zones

    There are two DNS resource records that must be registered properly on the DNS server that hosts the secondary copy of the trusted domain or forest:

      • Service (SRV) resource record (_ldap._tcp.dc._msdcs.)
      • Host (A) resource record

    These records must be in place and registered properly before you establish a domain or forest trust.

    Where exactly do I add this, at the root of the forward lookup zone or in the secondary zone?

    Any insight would be grateful~

  • #2
    Re: Creating a forest trust

    Instead of adding secondary zones in each domain for the opposing domain's DNS, why not just set up conditional forwarders in each domain for the opposing domain's DNS?



    • #3
      Re: Creating a forest trust

      Reading TechNet etc., it would seem that secondary is preferred?



      • #4
        Re: Creating a forest trust

        I don't know that I've ever read that one is preferred over the other but I've always used conditional forwarders with good success.



        • #5
          Re: Creating a forest trust

          OK, created a conditional forwarder... Do I have to do one on both domains?



          • #6
            Re: Creating a forest trust

            Yes. In each domain you need to set up a conditional forwarder for the other domain.



            • #7
              Re: Creating a forest trust

              Still having the same issue. Do I need to add a reverse lookup too?



              • #8
                Re: Creating a forest trust

                No. rDNS zones aren't used in any way, shape or form in AD. Did you delete the secondary zones that you had created earlier? If not, do so. Then flush the DNS client cache and the DNS server cache on each DC/DNS server and try again.



                • #9
                  Re: Creating a forest trust

                  Done the above and still no dice..... this shouldn't be this hard!



                  • #10
                    Re: Creating a forest trust

                    Yeah. I've created forest trusts many times using conditional forwarders and have never had issues. Possible VPN problem? Can you nslookup the appropriate SRV records for each domain from the opposing domain? Any VPN traffic rules that may be blocking traffic?



                    • #11
                      Re: Creating a forest trust

                      Originally posted by joeqwerty:
                      "Yeah. I've created forest trusts many times using conditional forwarders and have never had issues. Possible VPN problem? Can you nslookup the appropriate SRV records for each domain from the opposing domain? Any VPN traffic rules that may be blocking traffic?"

                      I couldn't until I put in the IP addresses in each hosts file. The sites are connected with a site-to-site VPN with two SonicWalls.



                      • #12
                        Re: Creating a forest trust

                        What did you put in the hosts file and where? It sounds like the VPN may be part of the issue. Remove the entries you put in the hosts file and flush the DNS client cache on each server (ipconfig /flushdns).

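
The checks suggested in posts #6, #8, #10 and #12 (conditional forwarder in place, caches flushed, SRV lookup from the opposing domain, VPN rules) can be run as one pass. This is an added PowerShell example, not something posted in the thread; `remote.example` and `192.0.2.10` are placeholders for the other forest's DNS name and one of its DNS servers, and the port list (DNS, Kerberos, RPC, LDAP, SMB) is an assumption, not taken from the thread.

```powershell
# Added example (not from the thread). Run on a DC/DNS server in each forest,
# pointed at the OTHER forest. Both default values are placeholders.
param(
    [string]$RemoteDomain = 'remote.example',  # placeholder: other forest's DNS name
    [string]$RemoteDns    = '192.0.2.10'       # placeholder: a DNS server in that forest
)
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"

# 1. Zone type held locally for the remote domain: 'Forwarder' is the
#    conditional-forwarder setup; 'Secondary' means the old zone is still there.
$zone = Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue
if ($zone) { "Local zone for ${RemoteDomain}: $($zone.ZoneType)" }
else       { "No zone or conditional forwarder for $RemoteDomain on this server" }

# 2. Flush server and client caches so stale answers do not mask the result.
Clear-DnsServerCache -Force
Clear-DnsClientCache

# 3. Look up the DC locator SRV record, ignoring any hosts-file entries.
function Get-DcSrv([string]$Server) {
    $q = @{ Name = $srvName; Type = 'SRV'; DnsOnly = $true; NoHostsFile = $true
            ErrorAction = 'Stop' }
    if ($Server) { $q.Server = $Server }
    $via = if ($Server) { $Server } else { 'local resolver' }
    try   { Resolve-DnsName @q | Where-Object Type -eq 'SRV' }
    catch { Write-Warning "$srvName via ${via}: $($_.Exception.Message)" }
}
$direct   = @(Get-DcSrv -Server $RemoteDns)  # asked straight across the VPN
$viaLocal = @(Get-DcSrv)                     # asked through this server's resolver

if (-not $direct)       { 'Remote DNS server did not answer: check VPN routes and rules for DNS' }
elseif (-not $viaLocal) { 'Remote DNS answers directly but not locally: check the conditional forwarder' }
else                    { 'SRV record resolves both ways' }

# 4. TCP reachability of every DC the SRV answers name.
$dcs = ($direct + $viaLocal).NameTarget | Where-Object { $_ } | Sort-Object -Unique
foreach ($dc in $dcs) {
    foreach ($port in 53, 88, 135, 389, 445) {
        $t = Test-NetConnection $dc -Port $port -WarningAction SilentlyContinue
        '{0,-35} tcp/{1,-4} {2}' -f $dc, $port,
            $(if ($t.TcpTestSucceeded) { 'open' } else { 'no answer' })
    }
}
```

Test-NetConnection only checks TCP, so an open port 53 here does not prove that UDP DNS queries cross the tunnel; the direct SRV lookup in step 3 is the better indicator for that.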


                        • #13
                          Re: Creating a forest trust

                          OK, removed entries. Completed the flush and still the same issue. Maybe I need to wait until the morning? It's becoming frustrating....



                          • #14
                            Re: Creating a forest trust

                            Taking a break sounds like a good idea. Fresh eyes in the morning might lead us to a solution.



                            • #15
                              Re: Creating a forest trust

                              Still working on this and no luck. When I do an nslookup on the domain it can't find it over the VPN. Are there any tweaks I could do to "trick" the servers into finding each other?
