Trust issues, maybe DNS?

[ArizonaGeek]

I'll give a brief history and than get to my problem. I am trying to set up a new user domain for my office. Currently we have all of our servers and users on the same T1 line. This week (or next whenever our provider gets here) we are getting two separate T1 lines and we want to split the two. We'd like to set up a new domain since we changed our company name 2 years ago we've been kinda stuck with the old one. We cant get rid of the original domain, we have too many processes that have embedded code ... that is another disaster for another thread. But suffice to say, we cant get rid of it. I have everybody's "My Documents" redirected to our SAN so I have need to set up a trust between the two networks. Now here is the problem.

I can get the new network to see servers on the old network but I cant my test users cant access files on the old network and I am sure it has to do with permissions. But the old network cant see the new one so I can give them permissions. I set up a two way trust (one way, old trusting new wasn't working) I set up a Stub DNS entry on the new network just fine but I can't get one to connect on the old network. I can ping IP addresses back and forth just fine so they see each other. I figured it might be a route issue so I set up a route on all of our DC servers.

I just cant figure out why DNS on the old network cant see the new network. I get an error "The DNS server encountered a problem while attempting to load the zone. The transfer of zone data from the master server failed" and under the general tab of the properties the status says Expired. Not sure what that is about I just created it.

All of our DC/AD/DNS servers on both networks are 2003 Standard and all of our desktops are XP Pro.

Anyone got any idea why my old network cant see my new one? I've been working on this a week now and am banging my head why it isn't working. Thanks for any help!

Cheers
Rob

 

[wdoellefeld]

DNS is definitly an issue here. I would look at trying to understand why the zone will not transfer. Check the server in the old domain you are transfering from and make sure it is set to allow a transfer to the requesting server.

(yay! shameless advertising. my side business)

http://www.frcp.net

 

[Dublin73]

Hi,

so you've got two issues here... One being user permissions and one being your DNS zone transfer

Have you confirmed first that the trust relationship is fully functional, you've tested the trust in both directions ( through AD domains and trusts )?

Your test users, these are migrated users, and you migrated their Windows SID history? For this to work correctly you need to disable "SID filtering" in your new target domain first.

From the new domain, on a PC that can ping a DC in the original domain, if you choose Start, then Run... and try to connect to the system volume on a domain controller in the original domain ( for example \\servername\c$ ) what happens?

 

[ArizonaGeek]

Well we decided that we were just running into too many problems with DNS and the trust. I honestly think that when our old domain was set up (wasn't me I swear) it wasn't done correctly or with any forethought so I am sure something is goofy there. Since we have to live with it what I decided to do is set up a new domain under our old forest at least the trust is automatic and it'll be a little easier to manage.

The trust wasn't working correctly, we could get the trust from the new domain to the old but not the old to the new. And of course our DNS issue. We hadn't migrated any users so SID wasn't a problem.

So far everything is working correctly after removing trust, blowing out the OS and reinstalling on the new DC then setting up the new domain under the forest.

Thanks for all your help guys!

Cheers
Rob