I had another post recently but this has a different focus. I can't get my trusts working and I am pretty sure DNS is to blame. Would you mind taking a peek at my DNS? I probably have this set up totally wrong...
I am setting up a new domain on Server 2003 in a separate forest for a future migration:
DomainA = current domain (2000) (2 dns servers)
DomainB = new domain (2003) (1 dns server)
DomainA DNS: has 2 AD-integrated forward lookup zones
AD-integrated lookup zones for DomainA.com:
Zone1: domainA.com
SOA=DC.domainA.com
Name servers=dc.domainA.com, dc-backup.domainA.com, dc.domainB.com
Created a host record in this domain to point to the IP of the domainB DC. Is that right?
Zone2: domainB.com
SOA=DC.domainB.com
Name servers=dc.domainB.com, dc.domainA.com
Forwarder pointing to DC.domainB.com
I am to understand that the second lookup zone for domainB is so they can talk.
AD-integrated lookup zones for DomainB.com:
Zone1: domainB.com
SOA: dc.domainB.com
Name servers=dc.domainB.com, dc.domainA.com
Conditional Forwarder pointing to DC.domainA.com
domainB.com also has a _msdcs zone because DCPROMO installed DNS automatically. Do I need to do anything with it??
I even created a root hint in both domains to point to each other.
DomainA cannot ping domainB.com, but it can ping dc.domainB.com
DomainB CAN ping domainA.com as well as dc.domainA.com and dc-backup.domainA.com
When I try to create the trust I get:
The secure channel (SC) verification on domain controller \\dc.domainB.com of domain domainB.com to domain domainA.com failed with error: The security database on the server does not have a computer account for this workstation trust relationship.
The secure channel (SC) verification on domain controller \\DC-backup.domainA.com of domain domainA.org to domain domainB.com failed with error: The specified domain either does not exist or could not be contacted.
Plus, all of my references to DomainA from domainB are to the DC housing the DNS, not the PDC. Should that change?
Any advice you could give would really help at this point. This is a test box but I am pulling my hair out!!
Thanks,