Trust Relationship between external domains

[briteeyez]

Hi

I tried creating a trust relationship between my two external domains. One is here at the office in the Caribbean and the other in Canada. When I try to create the trust I get the following message "if this is a windows domain the trust cannot be setup until the domain can be contacted. If this is an interoperable non-Wwindows Kerberos realm and you want to set this side of the trust click ok."

Why is this happening. Wwhat did i do wrong. please help

 

[jthiessen]

Hi brite, the problem here is that Windows sucks. Technically the problem is DNS, but even if DNS is right this won't work. What you need to do is set the adapter on each DC to the remote DC for DNS. Make sure it is only the remote DC, and better do this through a tunnel.

 

[briteeyez]

I am quite new at this DNS stuff, i can ping the external site by IP but not by name and the same from there end. what do i need to do to allow this to happen. thanks for you suggestion

 

[briteeyez]

I am quite new at this DNS stuff, i can ping the external site by IP but not by name and the same from there end. what do i need to do to allow this to happen. thanks for you suggestion.

 

[CyberGar]

You don't have to set DNS to each other. In fact, that won't fix it.
What you DO need is an entry into the lmhosts file on each DC. If you've never worked in one, it is located in
%systemroot%\system32\drivers\etc.
You will find a sample already there. Just use the .sam file and save it as lmhosts (with no extention)... Anyway... Put these two lines in the file. Note: The second line must contain the correct number of places between the quotes. I put a template directly below to show the spacing. I also stuck in the lines from my lmhosts file (with modified names) to show a "real world" example.

<RemIP> <RemServerName> #PRE #DOM:<RemDomainName>
<RemIP> &quot;<RemDomain> \0x1b&quot; #PRE
&quot;123456789012345*7890&quot;

192.168.1.1 CAIROX #PRE #DOMLANT #Primary DC
192.168.1.1 &quot;PLANT \0x1b&quot; #PRE

If Windows 2000 servers, avoid the urge to use domain names with the .whatever on the end. Just use the domain name alone (old style)...
Once you've created these entries, you must clear and reload your name cache:
(from a command promtp)
nbtstat -R (the &quot;R&quot; MUST be capitalized)
You can then view the cache to see if it contains entries:
nbtstat -c (the &quot;c&quot; MUST be lowercase)

I had the same issues and this is what fixed it, so good luck to you!

Have a happy Thanksgiving!

 

[gurner]

Lmhost files use NetBIOS

domain name= TESTDOMAIN
machine name= SERVER

DNS (FQDN's)=
Server.TestDomain.co.uk (server)
TestDomain.co.uk (Domain)

How about configuring a VPN Tunnel (with point to point IPs)to each one if you are using Win2k and they can PING each other.

Add a new zone to the DNS in the Forward Lookup Zone

 

[gurner]

Woops, misinterpreted the post!

This probably won't fix Trust relationship probs it will enable you to ping by name though!

Which i suppose in theory will fix your prob because it was the initial contact of domains that was failing?