Problems w/Domain Trust Setup

[jdonalds]

In the process of setting up a trust relationship between two domains we were finally successful in creating a vpn tunnel between the cisco pix and nortel contivity. The tunnel is up and we are able to ping respective servers.

However, we are unsuccessful in creating the domain trusts in order to access respective resources. We've attempted to create a bi-directional trust and receive the following messages on both domains:

(Active Directory: The (domain name) domain cannot be contacted.If this domain is a Windows domain, the trust cannot be set up until the domain is contacted. Click Cancel and try again later. If this is an interoperable non-Windows Kerberos realm and you want to set up this side of the trust, click ok.)

We then click ok and they show up in the listing as "Non-Windows Keberos Realm" relationship. We've seen several tips to resolving this including adjusting the lmhosts file on each controller. Has anyone seen this before and if so what steps do you recommend to resolve this issue.

Thanks,
Jeremy

 

[TallyRich]

Been down this road more than once. There are two steps that if followed will make life much, much easier.

1) Have each end of the trust set up DNS for each other and allow zone transfers.

2) Set up proper LMHosts entries on each end for the other ends DC. (Microsoft has a tool (free) for making the entry with the proper spacing.)

Without those pieces in place it can be a nightmare.

 

[mlichstein]

The two suggestions above are excellent, but you should only need one. Name resolution is the problem here, and you can either use DNS or LMHOSTS to resolve names in each of the domains. DNS would probably be easiest.