
Trust between Windows 2003 and Windows 2000

Status
Not open for further replies.

srenshaw

IS-IT--Management
Jan 19, 2005
75
CA
Hi,

What is the best way to establish a 2 way trust between a domain running Windows 2003 and one running Windows 2000 that are not in the same forest?

We tried to create a 2 way, non transitive realm trust but it is not working.

If someone could point me in the right direction I'd appreciate it.

We have a VPN tunnel between the 2 domains.

Thanks!
Simon
 
Yea, trusts in 2000/2003 can be tricky. What happened when you tried to create the trust ... what did the error message say? My first guess is that this is a DNS problem.

Say you have 2 domains called microsoft.com and apple.com - when you try to create the first part of the trust from microsoft.com to apple.com (i.e., tell microsoft.com that you trust apple.com) microsoft.com will look for a domain controller (possibly the PDC emulator - not 100% sure) on apple.com - if it doesn't find one then it will fail.

You have two options - either temporarily add the DNS server for apple.com into the DNS servers on the DC of microsoft.com (so that it will be able to find a DC), or add a record into the lmhosts file. Obviously when you create the second part of the trust you will have to reverse the situation also. And you'll need to make sure that port 53 is open on the VPN between the two sites.

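The DNS checks described in the reply above, as an added example that is not part of any post in this thread: a batch file that tests whether one domain's DC can locate the other domain's controllers before the trust is created, and verifies the trust afterwards. It assumes the Windows Support Tools (`nltest`, `netdom`) are installed; the domain names are the reply's placeholders, and the DNS server address and account name are constructed.

```batch
@echo off
rem Added example: connectivity pre-checks for an external trust.
rem Run on a domain controller, then repeat from the other side with the
rem two domain names swapped.
rem   LOCAL / REMOTE : placeholder domain names reused from the reply
rem   REMOTE_DNS     : constructed address standing in for the other
rem                    domain's DNS server across the VPN
setlocal
set LOCAL=microsoft.com
set REMOTE=apple.com
set REMOTE_DNS=192.0.2.53

if /i "%~1"=="verify" goto verify

echo [1] SRV lookup for %REMOTE% domain controllers using this DC's DNS settings
nslookup -type=SRV _ldap._tcp.dc._msdcs.%REMOTE% 2>&1 | find /i "svr hostname"
if errorlevel 1 echo     FAIL: this DC cannot locate a DC for %REMOTE% by DNS

echo [2] Same lookup for the PDC emulator, sent straight to %REMOTE_DNS%
rem If [1] fails and [2] succeeds, the DNS client settings are the gap.
rem If [2] also fails, check that port 53 (TCP and UDP) passes the VPN.
nslookup -type=SRV _ldap._tcp.pdc._msdcs.%REMOTE% %REMOTE_DNS% 2>&1 | find /i "svr hostname"
if errorlevel 1 echo     FAIL: no answer from %REMOTE_DNS% for the PDC record

echo [3] DC locator result for the remote PDC emulator
nltest /dsgetdc:%REMOTE% /pdc
goto :eof

:verify
rem Run after the trust has been created on both sides. /pd:* prompts for
rem the password; the account name is a placeholder.
netdom trust %LOCAL% /d:%REMOTE% /ud:%REMOTE%\Administrator /pd:* /twoway /verify
```

Run it with no argument before creating the trust, and with `verify` as the argument once both halves of the trust exist.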
 
You said you tried to create a Realm Trust, you should use an External Trust. Realm Trusts are used to connect to non-Microsoft Kerberos Realms.
 
Thanks for the tips.

For some reason, when I first tried to create a trust, I could only create a realm trust or a Windows domain trust.

When I tried again later, I was able to create an external trust. So I created a non-transitive 2 way trust between both domains on my side (2003).

So now I can see his network but he can't see mine. Yesterday at least, I haven't spoken to him yet.

Port 53 is the RPC port? That explains why I was getting an RPC error while trying to validate the trust.

 