Same old trust relationship issues

    Question

  • Hi,

    I have been struggling for 2 days now on this issue and I cannot find out WHY this is happening.

    I have 8 domains. Each domain has 1 domain controller. Each domain is on its own forest (please no comments, there is a reason).

    I do want one of those domains to have trust relationship with all the others.

    I did my DNS conditional forwarders, I opened ports. 6 out of 7 domains work fine. On the 7th I have the following strange issue:

    DC1 can communicate no problem with my "master" domain

    DC2 can't. DNS resolves fine. Replication between the two DCs works fine. I see no issues anywhere. And yet, when I try to validate, DC1 is succeeding, DC2 is failing. DC1 and DC2 are equal within the domain (GC, etc).

    So what on earth is wrong? Could you please help me to troubleshoot it?

    Monday, May 1, 2017 12:44 PM

Answers

  • Hello,

    I found what the problem is but I haven't found what is causing it. From DC2 I cannot access any of the ports of the other domain.

    I will look into the firewalls and network to find why this specific one doesn't communicate.

    Thank you for your time.

    • Marked as answer by VasileiosG Tuesday, May 2, 2017 10:36 AM
    Tuesday, May 2, 2017 10:36 AM
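
The check that isolates this kind of failure, as an added example that is not part of the original thread: run it on DC1 and on DC2 and compare the results. The domain name `master.example` is a placeholder, and the port list is the commonly documented set for AD trusts, assumed here rather than taken from the thread.

```powershell
# Added example. Run it on DC1 and on DC2, then compare the two tables.
param(
    # Placeholder: DNS name of the domain on the other side of the trust.
    [string]$RemoteDomain = 'master.example'
)

# TCP ports commonly documented for AD trusts (assumption: adjust to your policy).
# The dynamic RPC range (49152-65535 by default) is not probed here.
$ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global catalog' }
)

# A DC sets up its secure session to the PDC emulator of the other domain,
# so locate that host through its SRV record.
try {
    $targets = Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$RemoteDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Error "SRV lookup for $RemoteDomain failed from ${env:COMPUTERNAME}: $_"
    return
}

# Probe every port on every located DC and record the outcome per source host.
$results = foreach ($target in $targets) {
    foreach ($p in $ports) {
        $test = Test-NetConnection -ComputerName $target -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Source    = $env:COMPUTERNAME
            Target    = $target
            Port      = $p.Port
            Service   = $p.Service
            Reachable = $test.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count) { Write-Warning "$($blocked.Count) port(s) blocked from $env:COMPUTERNAME" }
```

If name resolution succeeds but every port shows as unreachable from one DC only, the difference is in the network path or firewall rules for that DC's address, not in AD itself.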

All replies

  • Hi

    DC1 is succeeding, DC2 is failing >>> First check the DC2 health status, run "dcdiag". Also check Event Viewer for related error logs.

    Also you should check this trust troubleshooting article:

    https://technet.microsoft.com/en-us/library/cc794894(v=ws.10).aspx


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Monday, May 1, 2017 8:31 PM
  • As mentioned, use dcdiag to check the health status of DC2. Also, please refer to logged events when you try to create the trust. That should provide some guidance on what the issue could be.

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    Monday, May 1, 2017 10:20 PM
  • Hi and thanks a lot for your replies,

    These are the only errors that I get, everything else passes:

          Starting test: SystemLog
             An error event occurred.  EventID: 0xC0001B63
                Time Generated: 05/02/2017   00:27:08
                Event String:
                A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.
             An error event occurred.  EventID: 0xC0001B63
                Time Generated: 05/02/2017   00:27:38
                Event String:
                A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ScDeviceEnum service.
             An error event occurred.  EventID: 0xC0001B58
                Time Generated: 05/02/2017   00:27:38
                Event String:
                The Smart Card Device Enumeration Service service failed to start due to the following error:
             ......................... {COMP} failed test SystemLog
          Starting test: VerifyReferences

             ......................... {COMP} passed test VerifyReferences

    I created the trust from DC1, not from DC2. If I try to create the trust on DC2 (after removing it from DC1) then it fails.

    I don't know exactly what to look for in the logs. This is the only error I see:

    This computer was not able to set up a secure session with a domain controller in domain {DOMAIN} due to the following: 
    There are currently no logon servers available to service the logon request. 
    This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

    ADDITIONAL INFO 
    If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

    Tuesday, May 2, 2017 7:53 AM