can't create trust to external domain

Hi,

I have two Windows Server 2003 domain controllers in two separate domains
(one per domain). Both domains are at the Windows Server 2003 functional
level. Both have DNS installed for their own domains are are secondary DNS
servers for each other.

On SERVER1 in DOMAIN1, when I go into AD Domains and Trusts and try to
establish a trust to the other domain, when I type in the DNS name (or the
NetBIOS), I get the following message:

New Trust Wizard
Trust Type
The name you specified is not a valid Windows domain name. Is the specified
name a Kerberos V5 realm?

Then you can select the "appropriate" trust type: either "Realm Trust" or
"Trust with a Windows domain"

I've tried both and neither work.

Any ideas?

Seth

In news:uRufWaX5FHA.3760@TK2MSFTNGP14.phx.gbl,
Seth <sedval@community.nospam> made this post, which I then commented about
below:
> Hi,
>
> I have two Windows Server 2003 domain controllers in two separate
> domains (one per domain). Both domains are at the Windows Server 2003
> functional level. Both have DNS installed for their own domains are
> are secondary DNS servers for each other.
>
> On SERVER1 in DOMAIN1, when I go into AD Domains and Trusts and try to
> establish a trust to the other domain, when I type in the DNS name
> (or the NetBIOS), I get the following message:
>
> New Trust Wizard
> Trust Type
> The name you specified is not a valid Windows domain name. Is the
> specified name a Kerberos V5 realm?
>
> Then you can select the "appropriate" trust type: either "Realm
> Trust" or "Trust with a Windows domain"
>
> I've tried both and neither work.
>
> Any ideas?
>
> Seth

Can we get some more config info please?

1. ipconfig /all from both DCs on each side
2. Did you mean both forests are Windows 2003 levels, or just the domains?
3. Are you trying to create a specific domain to domain trust (external NT4
style trust), or a forest trust between the two 2003 forests?


Thanks!

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

**********************************
SERVER1.DOMAIN1.LOCAL information
**********************************
Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER1
Primary Dns Suffix . . . . . . . : DOMAIN1.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : DOMAIN1.local

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
Adapter (10/100)
Physical Address. . . . . . . . . : 00-06-5B-EE-9E-7B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.1.201
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.1.125 (router to T1 to other
LAN where other domain exists)
DNS Servers . . . . . . . . . . . : 10.14.1.201
***********************************
SERVER2.DOMAIN2.LOCAL information
***********************************
Windows IP Configuration

Host Name . . . . . . . . . . . . : SERVER2
Primary Dns Suffix . . . . . . . : DOMAIN2.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN2.local

Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard - Link
A:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-11-43-D1-A4-9E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.2.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.2.125 (router to T1 to other
LAN where other domain exists)
DNS Servers . . . . . . . . . . . : 10.14.2.100
***************
Other information:
***************
The forest levels are Windows 2000
The domain levels were Windows 2000 mixed. I had this problem, so one of the
steps I did was move them to the Windows Server 2003 functional level.

I just want a two-way trust between the two domains. I haven't encountered
this error before.

Thanks for your time,

Seth

Hi, I got it working as soon as I domain transferred the _msdcs.blablablah
zones.

thanks,

Seth

In news:elxeFXY5FHA.3544@TK2MSFTNGP09.phx.gbl,
Seth <sedval@community.nospam> made this post, which I then commented about
below:
> Hi, I got it working as soon as I domain transferred the
> _msdcs.blablablah zones.
>
> thanks,
>
> Seth

Good to hear Seth!

If you make both forests full 2003 levels, you can create a forest trust.
Pretty cool feature.

Ace

Yeah a forest trust makes all domains in both forests transitively trust
each other. Neat.

--
Spin

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:Or$CwYb5FHA.2888@tk2msftngp13.phx.gbl...
> Good to hear Seth!
>
> If you make both forests full 2003 levels, you can create a forest trust.
> Pretty cool feature.
>
> Ace
>

In news:3tn9sfFtj872U1@individual.net,
Spin <Spin@spin.com> made this post, which I then commented about below:
> Yeah a forest trust makes all domains in both forests transitively
> trust each other. Neat.
>
Spin,

Glad to see you are reading up on all the posts. I'm sure the newsgroups
have helped you in your goals. If you keep reading up on everything, and
learn a bit more and you feel you are able to anwer questions accurately &
professionally, and follow up with responses and such, well, email me
offline for more info.

Ace

Yes I have read all your posts and learned a lot from you Ace. You are a
well-deserved MVP (and all that other stuff you have)!

the "Spinster"

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23AsPZZN6FHA.4012@TK2MSFTNGP14.phx.gbl...
> In news:3tn9sfFtj872U1@individual.net,
> Spin <Spin@spin.com> made this post, which I then commented about below:
>> Yeah a forest trust makes all domains in both forests transitively
>> trust each other. Neat.
>>
> Spin,
>
> Glad to see you are reading up on all the posts. I'm sure the newsgroups
> have helped you in your goals. If you keep reading up on everything, and
> learn a bit more and you feel you are able to anwer questions accurately &
> professionally, and follow up with responses and such, well, email me
> offline for more info.
>
> Ace
>
>
>
>

In news:3tql5iFtvknkU1@individual.net,
Spin <Spin@spin.com> made this post, which I then commented about below:
> Yes I have read all your posts and learned a lot from you Ace. You
> are a well-deserved MVP (and all that other stuff you have)!
>
> the "Spinster"

I was implying you know you can become an MVP as well. Keep up with
accurately, professionally and courteously replying to posts, and follow up
on them, and we'll see what happens.

Ace

Hi,

I am having same problem as you defined before few days . PLease explain me what you did so it is working well now at your end.

Thanks