Trust between two 2003 servers?

Status
Not open for further replies.

Tony414

MIS
Feb 3, 2003
197
US
Hello,
Be gentle. I might be a little confusing since I'm not a pro at this. I have two 2003 DC servers at two separate locations. I will call them server1.work.com and server2.work.com. They are not in the same forest. I hope I'm saying that correctly. First off, is there a way to join server1's forest without losing data (programs that have been installed) on server2? If not, what's the best way of setting up a trust between the two?

I have tried to set up a trust, but I'm getting an error. When I select the radio button "Trust with a windows domain" and then put in the FQDN, I get "The new trust wizard cannot continue because the specified domain cannot be contacted". Does this have something to do with DNS? Any help on this would be greatly appreciated.

Tony
 
First off, if you have server1.work.com and server2.work.com, then not only are they in the same forest, they're in the same domain!

Second, what's the physical connection between the two locations? Can you ping server2 from server1 and vice-versa?

I think there are other issues to resolve first...

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Well. I just came up with those names. It's more like server1.work1.com and server2.work2.work1.com. Does this make sense? If needed I can give you the actual FQDN.

The physical connection is a Point-Point T1. I can't ping by name, only by IP.

Tony
 
Ok. Then if that's the case how come AD or pinging is not working correctly? What can I do? Thanks!
 
Well, I suspect that the two were set up separately, using the same work1.com domain name, instead of adding the second to the domain of the first. If that's the case, you're in for a wild ride, as you're going to have all kinds of problems when the two can see each other.

At any rate, there seems to be a name resolution issue between the two. If each is pointing to themselves for their DNS, and they are two separate (but same named) domains, then DNS zone transfers would not be taking place.

You could, in theory, create a host record for the second server in the first server's DNS forward lookup zone. And then the other way around, as well.

But I still think there is more going on here than we're aware of.

Pat Richard
Microsoft Exchange MVP
 
Yes, correct. The two were set up separately. Is there a way to determine what could be causing this?

The host record addition. I'm not a pro at this. I attached a pic of the area where I thought I should be adding this. Please let me know if this is the correct spot. Are you saying I should try this before doing a little more troubleshooting? Also, WINS is set up in both locations. Is this a bad thing?

Thanks,
Tony
 
 http://farm3.static.flickr.com/2256/2110922276_c1ca68b8ef_b.jpg
If they were both set up separately, but with the same domain name, then you don't want them to see each other. You'll have all kinds of problems if they do.

What should have happened is that when you were building the second server, it should have been added to the domain of the first.

Short of destroying the second domain and adding everything to the first, I think you're stuck. Others may have some ideas, but two domains with the same name is a big no-no.

Pat Richard
Microsoft Exchange MVP
 
I wouldn't even attempt to get those two domains to talk to each other right now; as Pat says, you're only going to mess things up big time.

I can't think of a way to do it either without tearing one domain down completely and bringing it up all new in the forest of the other, sorry.

You could *try* to rename one of them using the capability of 2003 server and then try to merge it into the forest...but even that isn't guaranteed.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
So what classifies them as the same name? Here are the actual names of both servers (FQDN)

1.)townhall.ci.guilford.ct.us
2.)rec-server.parkrec.townhall.ci.guilford.ct.us

Thanks guys!
 
The ".ci.guilford.ct.us" part...it's a bit obfuscated though because you're saying the first server's name is "townhall"?

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Ok, here is what you convinced me of doing. I am going to take down the second 2003 server and start over. So when re-creating the new server, what naming should I use? Would this be ok?

1.)townhall.ci.guilford.ct.us
2.)parkrec.ci.guilford.ct.us

If that is good. Any steps I should be aware of to make it go smooth? Thanks!
 
So what you're saying is I just give it a computer name of parkrec and that's it?
 
Hello,
I am back onto this subject again. I just re-created my 2003 server. I am at the point of adding Active Directory. But I'm stuck. I am at "Domain Controller type". I am selecting "Additional domain controller for an existing domain". I am then asked to enter username, password, and domain. I put that in but it doesn't work. It states it can't be contacted. Does this have something to do with DNS?

Thanks,
Tony
 
It has everything to do with DNS. The machine you are promoting to be an additional DC should have the existing DC's IP address set as its preferred DNS server.

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
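
The DNS requirement described in the reply above, as an added example that is not part of the original thread: a batch script for the server about to be promoted that points it at the existing DC for DNS and checks that the domain's locator SRV record resolves before dcpromo is run. The IP address, domain name and connection name are constructed placeholders, and `nltest` is assumed to be installed from the Windows Server 2003 Support Tools.

```batch
@echo off
rem Added example, not from the thread. Run on the server being promoted.
rem Constructed placeholders: replace with your own values.
set DC_IP=192.0.2.10
set AD_DOMAIN=example.local
set NIC=Local Area Connection

rem 1. Make the existing DC the preferred DNS server for this machine.
netsh interface ip set dns name="%NIC%" source=static addr=%DC_IP% register=primary
if errorlevel 1 goto fail_netsh

rem 2. Discard cached negative answers left over from earlier failed lookups.
ipconfig /flushdns >nul

rem 3. The DC locator used by dcpromo looks up this SRV record.
rem    Ask the existing DC directly; find sets errorlevel 1 if no target is listed.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%AD_DOMAIN% %DC_IP% 2>nul | find /i "svr hostname"
if errorlevel 1 goto fail_srv

rem 4. Confirm the locator itself can pick a domain controller.
nltest /dsgetdc:%AD_DOMAIN%
if errorlevel 1 goto fail_locator

echo DNS check passed: %AD_DOMAIN% can be located from this server.
goto :eof

:fail_netsh
echo Could not set the DNS server on "%NIC%". Check the connection name.
exit /b 1

:fail_srv
echo No _ldap._tcp.dc._msdcs.%AD_DOMAIN% SRV record returned by %DC_IP%.
echo The existing DC has not registered its records in that DNS zone.
exit /b 2

:fail_locator
echo SRV record exists but the DC locator failed. Check connectivity to the DC.
exit /b 3
```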
 
Did it! It's working now. Thanks for all the help everyone on this subject.

Tony
 
Ok. Well, almost working! I believe I'm still having a DNS issue. When I try to access a shared folder, I am getting access denied. If I use the IP instead of the name it works fine: \\10.111.0.2\sharename (works), \\rec-server\sharename (doesn't work). I have an existing DNS setup in another building. So what's the best way to set this new one up?

I joined this new server to my other domain...

If I'm missing anything please let me know. Thanks!!

Tony
 
You wouldn't get an access denied message if DNS was not working; all DNS does is name resolution. Is rec-server 10.111.0.2??

Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
 
Yes rec-server is 10.111.0.2. It only works with IP not by name.
 