Is WINS working ...can not establish domain trusts 2

Status
Not open for further replies.

lebisol

IS-IT--Management
Joined
Jan 3, 2003
Messages
3,325
Location
US
Hello everyone,
I am trying to set up a domain trust but getting an error that the domain can not be contacted. My initial suspect would be the WINS servers...but I am not sure where to look next.
Here is the setup:
Domain_A runs on subnet of 192.168.1.x
with wins server 192.168.1.40

Domain_B runs on subnet of 192.168.4.x
with wins server 192.168.4.40

I can get into both WINS servers and query for names and I can see the machine/server mappings to their IPs, but whenever I try to connect from either of the domains ...name resolution fails.
As is Run:\\ServerName_InOtherDomain fails
while
Run:\\IP works

Strange thing is that name resolution works for RDP/Terminal Services but not for establishing a domain trust or simple filesharing....what am I missing here?
Many thanks in advance,
All the best!

:--------------------------------------:
fugitive.gif

[URL unfurl="true"]http://mostarnet.com[/url]

All around in my home town,
They tryin' to track me down...
 
There are 2 utilities which can assist you in pinpointing the problems:

netdiag
dcdiag

They both have EXTENSIVE command line options for exactly such tasks.

MAKE SURE you get the LATEST versions of these from Microsoft. They've updated them since they put them out with the Windows OS Support Tools or the Resource Kits...

Question:
1. Are these machines Domain Controllers?
2. Are they in the SAME forest? i.e.
server1.somedomain.maindomain.com
server2.differentdomain.maindomain.com

Verify that you can PING between each machine.
Check that the Windows Firewall is disabled when you're trying to trust each domain...

Double check that both servers can properly resolve the Fully Qualified Domain Name of all Domain Controllers (in both domains.)

Verify that you are using the Enterprise Admin's CORRECT password (This would be the Administrator's account on the Forest Root in each forest.) I believe that is the only account that can establish trusts.
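
One way to run the resolution and reachability checks from the post above in a single pass, as an added example that is not part of the original thread: it resolves the other domain's DC-locator SRV record and each remote DC's FQDN through DNS only (so a WINS answer cannot mask a DNS gap), then tests the TCP ports used between domain controllers. The domain and server names are placeholders, and it assumes a Windows version that ships `Resolve-DnsName`.

```powershell
# Added example. The names below are placeholders (assumptions); substitute your own.
$RemoteDomain = 'otherdomain.example'
$RemoteDcs    = @('server2.otherdomain.example')

# TCP services used between domain controllers when a trust is created.
$PortNames = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB' }

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1. Can this server find the other domain's DCs through DNS at all?
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteDomain" -Type SRV -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { "SRV ok: $($_.NameTarget):$($_.Port)" }
} catch {
    "SRV lookup FAILED for $RemoteDomain : $($_.Exception.Message)"
}

# 2. Per DC: FQDN resolution via DNS only, then port reachability.
foreach ($dc in $RemoteDcs) {
    try {
        $a = Resolve-DnsName -Name $dc -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }
        "$dc resolves to $($a.IPAddress -join ', ')"
    } catch {
        "$dc does NOT resolve in DNS (WINS/NetBIOS may still answer)"
        continue
    }
    foreach ($port in ($PortNames.Keys | Sort-Object)) {
        $state = if (Test-TcpPort -ComputerName $dc -Port $port) { 'open' } else { 'unreachable' }
        "  {0,-20} tcp/{1,-4} {2}" -f $PortNames[$port], $port, $state
    }
}
```

Run it on a DC in each domain against the other; RPC also uses dynamically assigned ports beyond 135, which this check does not cover.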
 
hello Redfox1,
Thanks for the response...
Yes, both machines are domain controllers and they are not in the same forest.
hmm...now that you brought it up:
Should I try to build them in the same forest? - second server/domain is only there for the remote office users to authenticate and print....just about everything (mailserver, sqlserver, fileshares etc.) is on the 'server1.somedomain.maindomain.com' side.

Firewall is disabled and I can ping machines without any loss.

When I try to add a trusted domain to
server1.somedomain.maindomain.com
( I am adding a server2.somedomain.otherdomain.com and entering admin user/pass of it - different than my server1)
I am getting an error that RPC server is unavailable...

----------

Am I going about this all wrong from the start?
At this point I am having to create users in each domain and then re-authenticate whenever they try to access shares(based on ip for now) on the main server(s)/domain. What I am really after is 'seamless authentication' but yet ability of remote office (second domain) to function should the main domain/server go down. Sorry for the perhaps obvious questions ...it has been a few yrs.
Thanks for all the help!
All the best!

 
I have tried this DNS fix and still no love. Pings come back just fine....both WINS servers have entries...WINS info is distributed to machines through DHCP (or manual) and nothing...
Any thoughts? (other than me taking a *&# class on netdiag/dcdiag)
Thanks for your time!
All the best!

 
What you really need to do is add a second domain controller to your current domain for the other site. Configure an additional site within Active Directory Sites and Services for your other office and add the subnet to this new site.

Make sure your new Domain Controller is also a Global Catalog server and is running DNS.



Windows and NT Admin.
 
Hello ScottCr,
Thanks for your input!
I have been split which way to go with these servers...
A. -(as Redfox1 indirectly hinted)
promote 'offsite' DCs into same forest and keep separate domains

B. - as you suggested
promote 'offsite' DCs to become backup DCs of Single Domain


From what I remember version B would simplify things as I would have 1 admin point to deal with.

Now, here are a few of my concerns that perhaps you can comment/advise on:
-Two remote offices are connected to main office with ISP's built MPLS and reside on their own subnets as they should.
-Each remote office has its own server with functions:
DC, DHCP, DNS, WINS, Print services. (exception is main office where we have a few more services running)

-Replication between sites and speed? I have only used BDC setup as 'just in case scenario' on the same subnet...never really 'seen it in action'...
To which server will users authenticate initially? Logging in over MPLS could be slow...so the one on their subnet will be the '1st point of authentication' or will they have to hit the PDC in the main office each time they log in?

Again, much obliged for all of your kind help!
All the best!


 
If you have an IMMEDIATE need to establish the trust, you will need to add root hints on your DNS servers that point to DNS servers in the foreign domain. I have had to do this in the past in order to get two Win2K/2K3 domains to see each other. Hope this helps
 
Hello itsp1965,
Thanks for the tip about DNS as it made me look in the right direction. After everything I have decided to go along with Sites and BDCs with replication as it made more sense since our network was upgraded to MPLS.

On the remote site I had to set up a BDC using an LMHOSTS file and the DNS server from the main office - 192.168.1.x.
The weirdest thing was that the current WINS server (domain2 - 192.168.5.x) WAS pointing correctly to the DC...ping, nbtstat all looked perfect but it just would not authenticate. I did not mess with root hints though.
After the replication I have installed DNS (with ISP's DNS as forwarders) and DHCP services.

This all together removed the need for the WINS service on remote site. :-)
Looking over the post it perhaps should have read "Sites vs. Domains"
Thanks guys for your time and ideas!
All the best!

