Announcement

Collapse
No announcement yet.

Domain Trusts Problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Trusts Problem

    I'm going through some training exercises and I'm trying to create a forest trust between globomantics.com and wiredbraincoffee.com. When I enter the process to create the new trust I'm getting stuck at the first step where it asks you to put in the domain name. As soon as I click next I get an error: The end point is invalid.

    "The local security authority is unable to connect to the Active Directory Domain Controller NY-DC1-2K8.globmantics.com". Both machines are in the same subnet. One machine NY-DC1-2K8 is a physical machine the other is a virtual. I setup conditional forwarders on both machine and they work. When I try setting it up on NY-DC1-2K8 it works, but not the other way around.


    Thanks for your help!!

  • #2
    Re: Domain Trusts Problem

    I'm posting the results of my dcdiag to test my dns. I don't what all these dns servers are that are listed. If someone could give me some insight on these results that would be great. I looked through the records and couldn't locate any of these PTR records and I'm not using any IPv6 either.


    C:\Users\Administrator>dcdiag /test:dns

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = NY-DC1-2K8
    * Identified AD Forest.
    Ldap search capabality attribute search failed on server DAL-DC1-2K8, return
    value = 81
    Got error while checking if the DC is using FRS or DFSR. Error:
    Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
    because of this error.
    Done gathering initial info.

    Doing initial required tests

    Testing server: NewYorkSite\NY-DC1-2K8
    Starting test: Connectivity
    ......................... NY-DC1-2K8 passed test Connectivity

    Doing primary tests

    Testing server: NewYorkSite\NY-DC1-2K8

    Starting test: DNS

    DNS Tests are running and not hung. Please wait a few minutes...
    ......................... NY-DC1-2K8 passed test DNS

    Running partition tests on : ForestDnsZones

    Running partition tests on : DomainDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running partition tests on : globomantics

    Running enterprise tests on : globomantics.com
    Starting test: DNS
    Summary of test results for DNS servers used by the above domain
    controllers:

    DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

    DNS server: 2001:500:2d::d (d.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

    DNS server: 2001:500:2f::f (f.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

    DNS server: 2001:500:3::42 (l.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

    DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

    DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

    DNS server: 2001:7fd::1 (k.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

    DNS server: 2001:7fe::53 (i.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

    DNS server: 2001:dc3::35 (m.root-servers.net.)
    1 test failure on this DNS server
    PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
    0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

    ......................... globomantics.com passed test DNS

    Comment


    • #3
      Re: Domain Trusts Problem

      The first failure listed talks about server name DAL-DC1-2K8; assuming that's a DC running at another site in your domain (Dallas as a first guess), then that DC isn't contactable for some reason, using the protocols called out in the error.

      The other failures are all root hints servers. Your DNS attempts to resolve any request sent to it, whether the answer is inside your network or not. If not inside, and it can't resolve the request through normal forwarding, your DNS will resort to root hints servers which are on the Internet.

      Since every root hint test fails, and the supposed internal domain contact to the DAL-... named server failed, then I'd say you have a networking issue. Your NY-DC1 can't see outside the local network. Check your gateway router settings, your ISP, etc. Also check to see if you NY server can SEND it's DNS queries through it's firewall to any outside agent. The firewall may be allowing DNS requests to come into your server, but is the firewall also allowing your DNS server to initiate traffic to do it's own requests?
      *RicklesP*
      MSCA (2003/XP), Security+, CCNA

      ** Remember: credit where credit is due, and reputation points as appropriate **

      Comment

      Working...
      X