Domain Trust [message #157109] Tue, 30 June 2009 13:47
Simon
I'm working on a project to merge operations of two domains (companies
merging).
Site 1 has domain A (DC with all operation masters) (Win 2003 SP1 x32).
Site 2 has domain B (DC with all operation masters + a DC from domain A) (Win
2003 SP2 x64).
The sites are located in different states.
I'm setting up a two-way trust, forest transitive and forest-wide
authentication.

* When I try to validate domain A from domain B, it is successful.
* When I try to validate domain B from domain A in site 1, I get the error
"Windows cannot find the domain controller for the mountainaviation.com.
Verify that a DC is available and then try again." I can log in to the DC in
domain B using RDP.
* When I try to validate domain B from domain A in site 2, I get the error
"Unable to read forest trust information from the other domain. The error
is: there are currently no logon servers available to service the logon
request."

In the end I cannot allow users from either domain to have access to
resources from either domain. I get the error "The following error prevented
the display of any items: the server is not operational".

Any suggestions will be appreciated.

Thanks

Simon
Re: Domain Trust [message #157117 is a reply to message #157109] Tue, 30 June 2009 20:25
aceman, United States

Hi Simon,

You've posted the symptoms, but you did not provide any configuration information, or how you went about setting up DNS, the trusts, firewall status, and much more, which would be helpful for any sort of diagnosis.

Forest trusts rely on DNS. How is DNS configured to allow resolution on both sides of the fence?

The best way I've found to do this is to use conditional forwarders, meaning on all of A's DNS servers, configure a conditional forwarder to two of B's DNS servers, and vice versa.

Then make absolutely sure ALL ports are opened between the two locations, otherwise things will not work. If you need to

Then once configured and verified, add the Domain Users from A to the Local Domain Users on B, and vice versa, and do the same for the Domain Admins of A to the Local Administrators group on B, and vice versa. Configure permissions appropriately on resources.

Plus both forests must be at a minimum of 2003 Functional Level, which means each domain in the forest must be at that level before the forest levels can be raised.

Also make absolutely sure that no DCs are multihomed, no DCs have RRAS installed, neither forest domain name is a single-label name ('domain' vs. the minimum required format of 'domain.com', 'domain.local', etc.), and there are no references in any IP properties to any other DNS server, such as an ISP's or router's DNS; otherwise expect errors such as lack of communication and authentication to occur.

Please read the following to better help with the trust issue.

Checklist: Creating a forest trust: Active Directory (Jan 21, 2005) ... (Optional) Review the various trust types and understand forest trust concepts ... Raise the forest functional level. Create a forest trust. ...
http://technet.microsoft.com/en-us/library/cc756852(WS.10).aspx

Create a forest trust: Active Directory (Jan 21, 2005) ... To successfully create a forest trust, your environment will need to be set up properly. For more information, see the checklist for ...
http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup/forum to benefit from collaboration among responding engineers, as well as to help others benefit from your resolution.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
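
The DNS setup and checks described in the reply above, as an added example that is not part of the original post: a batch script for one side of the trust that creates the conditional forwarder with dnscmd, then confirms DC locator resolution and the trust with nslookup, nltest and netdom. The forest names and DNS server addresses are placeholder assumptions.

```batch
@echo off
rem Added example, not from the thread. Run on a DNS server (DC) in forest A,
rem then run the mirror image on forest B's DNS servers.
rem Placeholders (assumptions): both forest names and the partner DNS server IPs.
setlocal
set LOCAL_FOREST=a.example
set PARTNER_FOREST=b.example
set PARTNER_DNS1=192.0.2.10
set PARTNER_DNS2=192.0.2.11

rem 1. Conditional forwarder for the partner forest on this DNS server.
rem    dnscmd refuses to add it if a zone with that name already exists here
rem    (for example a hand-made copy of the partner's zone).
dnscmd /ZoneAdd %PARTNER_FOREST% /Forwarder %PARTNER_DNS1% %PARTNER_DNS2%
if errorlevel 1 (echo [FAIL] could not add forwarder for %PARTNER_FOREST% & goto :done)

rem 2. The partner's DC locator SRV records must resolve from this side.
rem    findstr sets errorlevel 1 when nslookup printed no SRV answer.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%PARTNER_FOREST% 2>&1 | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (echo [FAIL] no LDAP SRV records for %PARTNER_FOREST% & goto :done)
nslookup -type=SRV _kerberos._tcp.dc._msdcs.%PARTNER_FOREST% 2>&1 | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (echo [FAIL] no Kerberos SRV records for %PARTNER_FOREST% & goto :done)

rem 3. Ask the DC locator for a partner DC, bypassing its cache.
nltest /dsgetdc:%PARTNER_FOREST% /force
if errorlevel 1 (echo [FAIL] DC locator cannot find a DC for %PARTNER_FOREST% & goto :done)

rem 4. Verify the trust in both directions.
netdom trust %LOCAL_FOREST% /domain:%PARTNER_FOREST% /verify /twoway
if errorlevel 1 (echo [FAIL] trust verification failed & goto :done)

echo [OK] DNS resolution and trust verification succeeded for %PARTNER_FOREST%
:done
endlocal
```

A failure at step 2 or 3 points at name resolution or connectivity between the sites rather than at the trust object itself.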
Re: Domain Trust [message #157134 is a reply to message #157109] Wed, 01 July 2009 02:05
meiweb(nospam), Germany
Hello Simon,

Please give some more information about how you set up DNS on both sites for the
trust. Are both domains/forests at the Windows Server 2003 functional level?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Re: Domain Trust [message #157334 is a reply to message #157134] Mon, 06 July 2009 15:19
Simon, United States
Ace, Meinolf, thanks for your responses.

I deleted the zone I created in both domains and I set up conditional forwarders
and it worked.

Thanks Again

Simon
Re: Domain Trust [message #157337 is a reply to message #157334] Mon, 06 July 2009 15:52
aceman, United States
Good to hear, Simon!

Ace
