none
Not able to establish the external trust RRS feed

  • Question

  • Hi,

    The objective is to establish a external trust , so that a users in a domain can access the resources in domain.

    So we tried to establish a external one way trust.

    When performing we get a error the current domain is not able to recognize the the other domain. it says the setup cannot continue.

    And from other we get a error message while validating " the Secure channel verification on the Active Directory Domain controller failed with errors.The specified domain could not be contacted.

    Thanks and Regards,

    Schan

    Wednesday, March 7, 2012 1:24 PM

All replies

  • Hi Schan,

    It sounds like you're running into name resolution issues. Have a read of this article first.

    If you don't feel like reading it all, then the two most important steps up front are:

    1. Create a conditional forwarder in DNS to point to the DNS servers of the remote forest you wish to create the trust with;
    2. Verify this is working by running the following command on one of your domain controllers:
      nltest /dsgetdc:remoteForest.com

    For example, if your domain is a.com and you wish to establish a trust with b.com, make sure that you load up DNS Management and add a conditional forwarder to your DNS server that points to b.com. Then run the above command. If it succeeds, you should be able to create the trust. If it does not, then you have further troubleshooting to do.

    Cheers,
    Lain

    Wednesday, March 7, 2012 1:34 PM
  • Hi Again,

    I tried it but in vain, Please find the below error message:

    C:\Documents and Settings\exsaesw>nltest /dsgetdc:inter-ikea.com
    DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

    Thanks and Regards,

    Schan

    Wednesday, March 7, 2012 1:44 PM
  • Hi Schan,

    The key part to my previous post was that you need to create a conditional forwarder in your own domain to point to at least one DNS server in the inter-ikea.com domain. Did you complete this step?

    If you have done this and it's still not working, then you might have a firewall issue preventing DNS queries from your network reaching the DNS servers on the inter-ikea.com domain.

    Cheers,
    Lain

    Wednesday, March 7, 2012 1:48 PM
  • any updates?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, March 21, 2012 7:22 AM
    Moderator
  • Hi ,

    Please provide the OS level and SP levels . And run dcdiag /v /c /d /e /s on 2 domain controllers and provide teh output / the location to downnload the file.

    Thursday, March 22, 2012 1:22 PM
    Moderator
  • Hi Again,

    Can you please let me know the ports required to open for establishing the trust.

    Thanks and Regards,

    Schan

    Wednesday, May 2, 2012 2:41 PM