cannot validate trust - cannot find DC

    Question

  • I cannot validate a trust on one particular server in another domain. It's an external one-way trust. Basically, all member servers have no problem validating the trust when we run validate on the member servers, but this one does. Any idea? It says cannot find domain controller.

    Thanks

    Wednesday, September 01, 2010 5:25 PM

All replies

  • It may be a DNS issue. Make sure that the DNS server used by this server is forwarding packets for the domain to trust to a DNS server used in this domain.

    If your DNS configuration is okay, I think all will finish without problems.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, September 01, 2010 5:53 PM
  • Are you in one forest or trying to establish a trust across to another forest?  You might need to configure conditional forwarders in the DNS to point to the other domain and establish the trust again.


    MCITP: Enterprise Messaging Administrator 2007/2010 | MCITP: Server Administrator | MCTS: Windows Server 2008 Applications Infrastructure, Configuring | MCP | MCDST
    Wednesday, September 01, 2010 6:03 PM
  • Or host a secondary zone in your DNS. You need either conditional forwarding or a secondary zone.
    Roy Mayo | MCSE
    Wednesday, September 01, 2010 6:06 PM
  • This is a 2008 domain in mixed mode. When I run nslookup from any 2008 member server it's OK.

    But when I run nslookup from 2003 machines I get

    Server: unknown
    Address:x.x.x.x

    **** Unknown can't find nslookup: Non-existent domain

    ------------

    Running dcdiag from the DCs shows this:

     

         Starting test: SystemLog
            An Warning Event occurred.  EventID: 0x00001695
               Time Generated: 09/01/2010   10:30:56
               Event String:
               Dynamic registration or deletion of one or more DNS records
               associated with DNS domain 'domain.com.' failed.  These records
               are used by other computers to locate this server as a domain
               controller (if the specified domain is an Active Directory
               domain) or as an LDAP server (if the specified domain is an
               application partition).
            An Warning Event occurred.  EventID: 0x00001695
               Time Generated: 09/01/2010   10:30:56
               Event String:
               Dynamic registration or deletion of one or more DNS records
               associated with DNS domain 'DomainDnsZones.domain.com.' failed.
               These records are used by other computers to locate this server
               as a domain controller (if the specified domain is an Active
               Directory domain) or as an LDAP server (if the specified domain
               is an application partition).
            An Warning Event occurred.  EventID: 0x00001695
               Time Generated: 09/01/2010   10:30:56
               Event String:
               Dynamic registration or deletion of one or more DNS records
               associated with DNS domain 'ForestDnsZones.domain.com.' failed.
               These records are used by other computers to locate this server
               as a domain controller (if the specified domain is an Active
               Directory domain) or as an LDAP server (if the specified domain
               is an application partition).

     

     

    Wednesday, September 01, 2010 6:06 PM
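
    Added example (not part of any poster's reply): a small Python parser for dcdiag SystemLog output like the excerpt above. It rejoins the hard-wrapped event text and lists the DNS zones whose record registration failed. The sample text, the DC name `DC1` and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like the dcdiag output above, hard wraps included.
SAMPLE = """\
      Starting test: SystemLog
         An Warning Event occurred.  EventID: 0x00001695
            Time Generated: 09/01/2010   10:30:56
            Event String:
            Dynamic registration or deletion of one or more DNS records associate
d with DNS domain 'domain.com.' failed.  These records are used by other comput
ers to locate this server as a domain controller.
         An Warning Event occurred.  EventID: 0x00001695
            Time Generated: 09/01/2010   10:30:56
            Event String:
            Dynamic registration or deletion of one or more DNS records associate
d with DNS domain 'ForestDnsZ
ones.domain.com.' failed.
         ......................... DC1 failed test SystemLog
"""

EVENT_RE = re.compile(r"An (\w+) Event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
ZONE_RE = re.compile(r"DNS domain '([^']+)'")

def parse_systemlog(text):
    """Return one dict per event: level, decimal event_id, dns_domain or None."""
    events, current, in_body = [], None, False
    for line in text.splitlines():
        h = EVENT_RE.search(line)
        if h:
            current = {"level": h.group(1), "event_id": int(h.group(2), 16), "text": ""}
            events.append(current)
            in_body = False
        elif line.lstrip().startswith("...."):   # test result line ends the events
            current, in_body = None, False
        elif current and line.strip() == "Event String:":
            in_body = True
        elif current and in_body:
            # Join wrapped lines with no separator so split names are restored.
            current["text"] += line if current["text"] else line.strip()
    for ev in events:
        zone = ZONE_RE.search(ev.pop("text"))
        ev["dns_domain"] = zone.group(1).rstrip(".") if zone else None
    return events

def failed_dns_registrations(text, event_id=0x1695):
    """Count events with the given ID per DNS zone (0x1695 is 5781 decimal)."""
    return dict(Counter(ev["dns_domain"] for ev in parse_systemlog(text)
                        if ev["event_id"] == event_id and ev["dns_domain"]))
```

    Calling `failed_dns_registrations()` on the saved SystemLog section of a `dcdiag` log gives a per-zone count of failed registrations, which shows at a glance whether the domain zone, the application partitions, or all of them are affected.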
  • Hi Tom,

    It is what I proposed as a configuration. It is just that I am not used to speaking English, so I did not find the word "conditional forwarders".

    This is a link showing how to configure conditional forwarders:

    http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html



    Wednesday, September 01, 2010 6:09 PM
  • DNS and NetBIOS Name Resolution to Create External, Realm and Forest Trusts

    http://technet.microsoft.com/en-us/library/ee307976(WS.10).aspx


    Roy Mayo | MCSE
    Wednesday, September 01, 2010 6:15 PM
  • Server: unknown

    Address:x.x.x.x

    **** Unknown can't find nslookup: Non-existent domain


    Resolution: The "nonexistent domain" message means nslookup can't map x.x.x.x, the IP address of its name server, to a domain name. Adding the PTR records for the server fixes the issue.

    Reference:

    http://www.howtonetworking.com/casestudy/nslookup2.htm

    Wednesday, September 01, 2010 6:18 PM
  • Hello JonDoe321,

    Is only the problematic server located in another domain? Are the other working servers all located in the same domain?

    Please check if the workaround in the following thread can resolve the issue.

    Domain trust - Cannot find a domain controller
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/3e0c7637-1a87-4d48-9e8d-cda5d4e31681/

    Meanwhile, please upload the following log file to the SkyDrive for further research, and let me know your upload link.

    Run dcdiag, netdiag and repadmin in verbose mode.
    -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
    -> netdiag.exe /v > c:\netdiag.log (On each dc)
    -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
    -> dnslint /ad /s "ip address of your dc"
    -> nltest /dsgetdc:< your domain name > /force > c:\nltest.txt

    Also, please check if the necessary port is blocked by firewall.

    How to configure a firewall for domains and trusts
    http://support.microsoft.com/kb/179442

    Brent Hu,

    Wednesday, September 08, 2010 9:15 AM
    Moderator