Trust Relationship and subnets?

PaulBarron

Technical User
Oct 8, 2001
168
GB
I have a two way trust between Domain A and Domain B. Domain A is NT4, Domain B is Active Directory.

Within the same subnet, these domains trust each other in the desired way.

However, Domain B Active Directory DCs in other subnets, which have been added to the trust by replication, cannot gain access to Domain A in the desired way.

To be specific, I want some services on servers in Domain B to be started using an account in Domain A. Again, within the same subnet this works fine.

When I verify the trust within the common subnet, this works fine. When I try the same between the two subnets, the trust will not verify.

AD Sites and Services is correctly configured and I'm pretty confident about DNS too.

Can anyone help?
 
Did you associate the subnet with a site?

To define subnets for a particular site:
1. In the left pane of the console, right-click Subnets under the site name.
2. On the Action menu, click New Subnet.
3. In the New Object–Subnet box, type the subnet address and subnet mask numbers.
4. Select a Site object for this subnet in the lower pane and click OK.
If you have correctly entered the subnet, it will appear in the Subnets folder.
 
Yes, subnets are associated with the correct sites.
 
Still struggling with this. One DC is fine with the trust, the other 14 DCs cannot verify it.

Can anyone advise please?
 
If you remove all network connections (physically) by removing the Cat5 cables, then restart it... will this make the boot go back to normal?

If this is the case... there is a domain issue... primary and secondary IP addresses should be checked.

This happened to me before...

Just my 2 cents
 
Given that this is a downlevel trust, and it works on the same subnet, but not on another subnet in the same domain, I'd suspect something network related. Reasoning? Downlevel trusts are NTLM - NetBIOS is playing a part. Hence, you will have to pass SOME NetBIOS traffic.

My guess? Because it appears the rest of your domain is uplevel, some information is being blocked by the router / layer 3 device separating the subnets.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone -
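
One way to test the NetBIOS dependency described in the reply above from a DC in the failing subnet, as an added example that is not part of the original thread: send a unicast NetBIOS name query (UDP 137, RFC 1002) for the NT4 domain's `<1B>` name, which the PDC registers. The domain name `DOMAINA`, the name server address and the sample response bytes are constructed placeholders, and the presence of a NetBIOS name server (WINS) is an assumption.

```python
import socket
import struct

def encode_netbios_name(name, suffix):
    """RFC 1002 first-level encoding: pad to 15 chars, append the suffix
    byte, then map each nibble to a letter 'A'..'P'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def build_name_query(name, suffix, txid=0x1234):
    """Unicast name query (recursion desired), one question, type NB, class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"\x20" + encode_netbios_name(name, suffix) + b"\x00"
    return header + qname + struct.pack(">HH", 0x0020, 0x0001)

def parse_name_response(data):
    """IPv4 addresses from a positive name query response, [] otherwise."""
    if len(data) < 12:
        return []
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or flags & 0x000F or ancount == 0:
        return []  # not a response, or an error rcode such as "name not found"
    rdlen_off = 12 + 34 + 2 + 2 + 4  # skip header, name, type, class, TTL
    if len(data) < rdlen_off + 2:
        return []
    (rdlen,) = struct.unpack(">H", data[rdlen_off:rdlen_off + 2])
    rdata = data[rdlen_off + 2:rdlen_off + 2 + rdlen]
    # each entry is 2 bytes of NB flags followed by a 4-byte address
    return [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, len(rdata) - 5, 6)]

def query(server, name, suffix=0x1B, timeout=3.0):
    """None = no reply at all (filtered or unreachable); [] = negative reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_name_query(name, suffix), (server, 137))
        try:
            data, _ = s.recvfrom(576)
        except socket.timeout:
            return None
    return parse_name_response(data)

# Constructed positive response for DOMAINA<1B> -> 192.0.2.10 (documentation range)
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)
                   + b"\x20" + encode_netbios_name("DOMAINA", 0x1B) + b"\x00"
                   + struct.pack(">HHIH", 0x0020, 0x0001, 300, 6)
                   + struct.pack(">H", 0x0000) + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":
    print(parse_name_response(SAMPLE_RESPONSE))
```

Running `query()` from a DC in each subnet and comparing the results separates "no reply" (traffic not passing between subnets) from a negative answer (the name is not registered with that name server).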
 
Another symptom of this problem is that when I try to configure a service on one domain to start with an account from another, I can see that domain in the drop-down list, but when I try to browse to it I get the error:

"Cannot display objects from this location because of the following error:

The specified domain either does not exist or could not be contacted"

I am very confused by this problem.

Pretty sure it is not router configuration as suggested.
 
If your second site is across a WAN, then you may be having problems finding the NT domain. Making a DC in your second site a global catalog may solve your problem and should also improve logon speed.
 
It is across a WAN actually. However, the second site is configured as a global catalog already.

I'm sure this will turn out to be something simple, but it is currently very frustrating.
 