Trusting across VPN


CjUkX (MIS, GB)
Jun 16, 2003
I need to set up Active Directory trusting between two company sites. I am connecting from our remote site to our primary site via a VPN. Both sites are running Win2K server.
The servers can ping each other, but if I try to trust one of the domains from the other I get an error stating the 'domain cannot be contacted'.

Has anyone managed to set up a domain trust across a VPN? If so how did you go about it.

 

CjUkx,


You said "The servers can ping each other..."

I assume that they can only ping by IP address and not name resolution, is this correct?

If so, the issue is most likely DNS. Do you have an entry for the DNS server of the domain you are trying to 'trust' across the VPN entered on the machine you are using to establish the trust?


Patty [ponytails2]
 
I have added a DNS entry for each server and they can resolve each others DNS fine.
I also put an entry for the other domain on each server in the lmhosts file -

lmhosts on SERVER1 reads;
nnn.nnn.nnn.nnn SERVER2 #PRE #DOM:DOMAIN2.com

lmhosts on SERVER2 reads;
nnn.nnn.nnn.nnn SERVER1 #PRE #DOM:DOMAIN1.com

This now allows me to add a 'standard secondary lookup zone' on SERVER1 looking at DOMAIN2. I can now trust DOMAIN2 from SERVER1.

I then try to add a 'standard secondary lookup zone' on SERVER2 to look at DOMAIN1 and I get a 'DNS Access Denied' error.

Is this a permissions issue? The user that is connecting via VPN from SERVER2 has administrative rights locally on SERVER1. I was going to add the administrative group from DOMAIN2 to DOMAIN1, but when I try to browse DOMAIN2 users from SERVER1/DOMAIN1, SERVER1 falls over and requires a power cycle (I assume this is because the trust is not complete).

In short, I can now contact DOMAIN2 from SERVER1 but cannot contact DOMAIN1 from SERVER2 (although the two servers have no problem resolving each other on their local domains).
 
CjUkX,

"Is this a permissions issue?"

Looks like it to me.

"...has administrative rights locally..."

At minimum you will need to be a member of the Domain Administrators group to manipulate DNS. There is also a DNSAdmin group that would do as well.


Patty [ponytails2]
 
I have encountered this problem, and it just so happened that our VPN was with IPSEC. IPSEC does not let RPC communications go through.

You have to make sure RPC can travel through, because you absolutely need that for trust relationships...

hope this helps
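The two practical checks raised in this thread are whether the lmhosts #DOM entries are well formed and whether the remote domain controller actually answers on the ports a trust needs across the tunnel (RPC endpoint mapper on 135 plus the dynamic port it hands out, LDAP, SMB, Kerberos, DNS, NetBIOS session). The script below is an added example, not code from the thread or from any of its posters. It parses lmhosts-style lines, warns about entries that cannot work (non-IP placeholders, over-long NetBIOS names, a DNS name where #DOM expects the NetBIOS domain name), and then probes each valid entry on the trust ports in parallel. The port list is the usual Windows 2000 DC set and is an assumption; the dynamic RPC port negotiated after 135 is not probed, and the sample lmhosts text is constructed for the example.

```python
"""Added example (not from the thread): parse lmhosts #DOM entries and probe
each listed domain controller on the TCP ports a Windows 2000 trust needs.

Assumptions: TRUST_PORTS is the usual Windows 2000 DC/trust port set; the
dynamic RPC port handed out by the endpoint mapper (135) is not probed; the
sample lmhosts text in __main__ is constructed for this example.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# TCP ports the remote DC must accept across the VPN. After 135 answers, the
# trust setup continues on a dynamic RPC port (1024-65535 on Windows 2000), so
# a tunnel or firewall that passes only this list can still break the trust.
TRUST_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    389: "LDAP",
    445: "SMB / Netlogon",
}
NETBIOS_MAX = 15  # NetBIOS computer and domain names are at most 15 characters


@dataclass
class LmhostsEntry:
    ip: str
    name: str
    preload: bool = False
    domain: Optional[str] = None
    warnings: List[str] = field(default_factory=list)


def parse_lmhosts(text: str) -> List[LmhostsEntry]:
    """Parse lines of the form '<ip> <name> [#PRE] [#DOM:<domain>]'.

    A line whose first token starts with '#' is a comment; any other '#word'
    after the name that is not #PRE or #DOM: begins a trailing comment. Bad
    entries are kept with warnings so a whole file can be reported in one pass.
    """
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        entry = LmhostsEntry(ip=fields[0], name=fields[1] if len(fields) > 1 else "")
        for tag in fields[2:]:
            if tag.upper() == "#PRE":
                entry.preload = True
            elif tag.upper().startswith("#DOM:"):
                entry.domain = tag[5:]
            elif tag.startswith("#"):
                break  # rest of the line is a comment
        try:
            ipaddress.ip_address(entry.ip)
        except ValueError:
            entry.warnings.append(f"'{entry.ip}' is not an IP address")
        if not entry.name:
            entry.warnings.append("missing NetBIOS name")
        elif len(entry.name) > NETBIOS_MAX:
            entry.warnings.append(f"name '{entry.name}' exceeds {NETBIOS_MAX} characters")
        if entry.domain is not None:
            if not entry.domain or len(entry.domain) > NETBIOS_MAX:
                entry.warnings.append(f"#DOM value '{entry.domain}' is not a valid NetBIOS domain name")
            elif "." in entry.domain:
                entry.warnings.append(f"#DOM:{entry.domain} looks like a DNS name; #DOM takes the "
                                      f"NetBIOS domain name (usually {entry.domain.split('.')[0]})")
        entries.append(entry)
    return entries


def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_trust_ports(host: str, ports=None, timeout: float = 3.0) -> Dict[int, bool]:
    """Probe every port in parallel; returns {port: reachable}."""
    ports = list(ports or TRUST_PORTS)
    with ThreadPoolExecutor(max_workers=len(ports)) as pool:
        return dict(zip(ports, pool.map(lambda p: tcp_open(host, p, timeout), ports)))


def missing_ports(results: Dict[int, bool]) -> List[str]:
    """Ports that did not answer, labelled with the service they carry."""
    return [f"{p}/tcp {TRUST_PORTS.get(p, 'custom')}" for p, ok in results.items() if not ok]


def check_domain_controllers(lmhosts_text: str, timeout: float = 3.0) -> Dict[str, List[str]]:
    """For each #DOM entry with a real address, list the trust ports it fails."""
    report = {}
    for e in parse_lmhosts(lmhosts_text):
        if e.domain is None or any("not an IP" in w for w in e.warnings):
            continue  # no domain tag, or a placeholder address: nothing to probe
        report[f"{e.name} ({e.domain})"] = missing_ports(probe_trust_ports(e.ip, timeout=timeout))
    return report


if __name__ == "__main__":
    # Constructed sample: the placeholder line as posted in the thread, plus a
    # corrected entry using an RFC 5737 documentation address (unreachable, so
    # every trust port is reported missing when run offline).
    SAMPLE = "# lmhosts on SERVER1\nnnn.nnn.nnn.nnn SERVER2 #PRE #DOM:DOMAIN2.com\n192.0.2.10 SERVER2 #PRE #DOM:DOMAIN2\n"
    for e in parse_lmhosts(SAMPLE):
        print(e.ip, e.name, "#PRE" if e.preload else "", f"#DOM:{e.domain}" if e.domain else "")
        for w in e.warnings:
            print("   warning:", w)
    for dc, missing in check_domain_controllers(SAMPLE, timeout=2.0).items():
        print(dc, "missing: " + ", ".join(missing) if missing else "all trust ports reachable")
```

Run it on the real lmhosts file from each server in turn (the probe must be made from the side that cannot contact the other domain, since the VPN policy may differ per direction). A port that answers here but a trust that still fails usually points at the dynamic RPC port range, which this script does not cover; on Windows 2000 that range has to be allowed through the tunnel or restricted on the DC before the trust will complete.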
 