Trust Issue

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Got a small problem

2 2k3 Servers both DCs in ther own forests and own domains

tripsvr01.triptest.lan
tripsvr02.pheotest.lan

both domains are at the Win2003 Functional Level
and both forests are at the Win2003 Functional Level

both can ping the opposite via extra DNS zones i added in each DNS server

now

Tripsvr02.pheotest.lan can almost establish a trust, when i enter 'dns name' triptest.lan it detects it as a domain, and offers me the option of a Forest Trust however fails at the last minute

Tripsvr01.triptest.lan Fails to detect pheotest.lan as a domain, and only offers me an external link or realm link
this has something to do with why it fails, but I cant work out what might be wrong

anyone have any insight?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Have you tried setting up secondary zones for the other domain in each forrest, that way they can see all the the srv records for the forrest they are trying to set up a trust to. I had a fair amount of messing around trying to get 2k forest trusts going at work. The best way round it seemed to be to create a secondary zone for the other domain, pull all the records, create the trusts, then for security reasons promote the zone to a primary and remove all records not needed.

 

lifesaver mate
worked a treat

not sure why it was causing probs, especially being one side was recognising the other domain with just an almost empty zone, ahh well who am i to question MS logic ;)

thanks again Phil mate

 

Ryan, I love your naming scheme.

 

neat eh? well i started off just setting it up to emulate your config to see how much i could help lol
so thats what it was all named


tripsvr01 (Server 1)
tripsvr02 (Server 2)
tripsvr03 (Server 3)

tripxp1 (Client 1)
tripxp2 (Client 2)
trip2k1 (Client 3)

triptest.lan (Domain 1)
pheotest.lan (Domain 2)


tripsvr01.triptest.lan is the DC and Forest Root of triptest.lan
tripxp1.triptest.lan is the XP Client for that domain

tripsvr02.pheotest.lan is the DC and Forest Root for pheotest.lan
tripsvr03.subdom1.pheotest.lan is the DC for subdom1.pheotest.lan
trip2k1.pheotest.lan is the 2k client attached to this domain
tripxp2.subdom1.pheotest.lan is the XP client attached to this domain

so yeah i increased the lab layout a tad to try a few things in the end