| Author |
Message |
Seth
Guest
|
 Posted:
Wed Nov 09, 2005 9:50 pm Post subject:
can't create trust to external domain |
|
|
Hi,
I have two Windows Server 2003 domain controllers in two separate domains
(one per domain). Both domains are at the Windows Server 2003 functional
level. Both have DNS installed for their own domains are are secondary DNS
servers for each other.
On SERVER1 in DOMAIN1, when I go into AD Domains and Trusts and try to
establish a trust to the other domain, when I type in the DNS name (or the
NetBIOS), I get the following message:
New Trust Wizard
Trust Type
The name you specified is not a valid Windows domain name. Is the specified
name a Kerberos V5 realm?
Then you can select the "appropriate" trust type: either "Realm Trust" or
"Trust with a Windows domain"
I've tried both and neither work.
Any ideas?
Seth |
|
| Back to top |
|
 |
Ace Fekay [MVP]
Guest
|
| Posted:
Thu Nov 10, 2005 1:51 am Post subject:
Re: can't create trust to external domain |
|
|
In news:uRufWaX5FHA.3760@TK2MSFTNGP14.phx.gbl,
Seth <sedval@community.nospam> made this post, which I then commented about
below:
| Quote: | Hi,
I have two Windows Server 2003 domain controllers in two separate
domains (one per domain). Both domains are at the Windows Server 2003
functional level. Both have DNS installed for their own domains are
are secondary DNS servers for each other.
On SERVER1 in DOMAIN1, when I go into AD Domains and Trusts and try to
establish a trust to the other domain, when I type in the DNS name
(or the NetBIOS), I get the following message:
New Trust Wizard
Trust Type
The name you specified is not a valid Windows domain name. Is the
specified name a Kerberos V5 realm?
Then you can select the "appropriate" trust type: either "Realm
Trust" or "Trust with a Windows domain"
I've tried both and neither work.
Any ideas?
Seth
|
Can we get some more config info please?
1. ipconfig /all from both DCs on each side
2. Did you mean both forests are Windows 2003 levels, or just the domains?
3. Are you trying to create a specific domain to domain trust (external NT4
style trust), or a forest trust between the two 2003 forests?
Thanks!
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
================================= |
|
| Back to top |
|
|
Seth
Guest
|
| Posted:
Thu Nov 10, 2005 1:51 am Post subject:
Re: can't create trust to external domain |
|
|
**********************************
SERVER1.DOMAIN1.LOCAL information
**********************************
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER1
Primary Dns Suffix . . . . . . . : DOMAIN1.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : DOMAIN1.local
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
Adapter (10/100)
Physical Address. . . . . . . . . : 00-06-5B-EE-9E-7B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.1.201
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.1.125 (router to T1 to other
LAN where other domain exists)
DNS Servers . . . . . . . . . . . : 10.14.1.201
***********************************
SERVER2.DOMAIN2.LOCAL information
***********************************
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER2
Primary Dns Suffix . . . . . . . : DOMAIN2.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN2.local
Ethernet adapter Intel Pro 1000 MT Gigabit Ethernet Adapter - Onboard - Link
A:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-11-43-D1-A4-9E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.14.2.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.14.2.125 (router to T1 to other
LAN where other domain exists)
DNS Servers . . . . . . . . . . . : 10.14.2.100
***************
Other information:
***************
The forest levels are Windows 2000
The domain levels were Windows 2000 mixed. I had this problem, so one of the
steps I did was move them to the Windows Server 2003 functional level.
I just want a two-way trust between the two domains. I haven't encountered
this error before.
Thanks for your time,
Seth
C:\Documents and Settings\Administrator>
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23pVMOAY5FHA.2524@TK2MSFTNGP10.phx.gbl...
| Quote: | In news:uRufWaX5FHA.3760@TK2MSFTNGP14.phx.gbl,
Seth <sedval@community.nospam> made this post, which I then commented
about below:
Hi,
I have two Windows Server 2003 domain controllers in two separate
domains (one per domain). Both domains are at the Windows Server 2003
functional level. Both have DNS installed for their own domains are
are secondary DNS servers for each other.
On SERVER1 in DOMAIN1, when I go into AD Domains and Trusts and try to
establish a trust to the other domain, when I type in the DNS name
(or the NetBIOS), I get the following message:
New Trust Wizard
Trust Type
The name you specified is not a valid Windows domain name. Is the
specified name a Kerberos V5 realm?
Then you can select the "appropriate" trust type: either "Realm
Trust" or "Trust with a Windows domain"
I've tried both and neither work.
Any ideas?
Seth
Can we get some more config info please?
1. ipconfig /all from both DCs on each side
2. Did you mean both forests are Windows 2003 levels, or just the domains?
3. Are you trying to create a specific domain to domain trust (external
NT4 style trust), or a forest trust between the two 2003 forests?
Thanks!
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were
to respond to it through that community's website, I may not see your
reply unless that website posts replies back to the original Microsoft
forum. Therefore, please direct all replies ONLY to the Microsoft public
newsgroup this thread originated in so all can benefit or ensure the web
community posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
|
|
|
| Back to top |
|
|
Seth
Guest
|
| Posted:
Thu Nov 10, 2005 1:51 am Post subject:
Re: can't create trust to external domain |
|
|
Hi, I got it working as soon as I domain transferred the _msdcs.blablablah
zones.
thanks,
Seth
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23pVMOAY5FHA.2524@TK2MSFTNGP10.phx.gbl...
| Quote: | In news:uRufWaX5FHA.3760@TK2MSFTNGP14.phx.gbl,
Seth <sedval@community.nospam> made this post, which I then commented
about below:
Hi,
I have two Windows Server 2003 domain controllers in two separate
domains (one per domain). Both domains are at the Windows Server 2003
functional level. Both have DNS installed for their own domains are
are secondary DNS servers for each other.
On SERVER1 in DOMAIN1, when I go into AD Domains and Trusts and try to
establish a trust to the other domain, when I type in the DNS name
(or the NetBIOS), I get the following message:
New Trust Wizard
Trust Type
The name you specified is not a valid Windows domain name. Is the
specified name a Kerberos V5 realm?
Then you can select the "appropriate" trust type: either "Realm
Trust" or "Trust with a Windows domain"
I've tried both and neither work.
Any ideas?
Seth
Can we get some more config info please?
1. ipconfig /all from both DCs on each side
2. Did you mean both forests are Windows 2003 levels, or just the domains?
3. Are you trying to create a specific domain to domain trust (external
NT4 style trust), or a forest trust between the two 2003 forests?
Thanks!
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were
to respond to it through that community's website, I may not see your
reply unless that website posts replies back to the original Microsoft
forum. Therefore, please direct all replies ONLY to the Microsoft public
newsgroup this thread originated in so all can benefit or ensure the web
community posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
|
|
|
| Back to top |
|
|
Ace Fekay [MVP]
Guest
|
| Posted:
Thu Nov 10, 2005 9:50 am Post subject:
Re: can't create trust to external domain |
|
|
In news:elxeFXY5FHA.3544@TK2MSFTNGP09.phx.gbl,
Seth <sedval@community.nospam> made this post, which I then commented about
below:
| Quote: | Hi, I got it working as soon as I domain transferred the
_msdcs.blablablah zones.
thanks,
Seth
|
Good to hear Seth!
If you make both forests full 2003 levels, you can create a forest trust.
Pretty cool feature.
Ace |
|
| Back to top |
|
|
Spin
Guest
|
| Posted:
Sun Nov 13, 2005 1:50 am Post subject:
Re: can't create trust to external domain |
|
|
Yeah a forest trust makes all domains in both forests transitively trust
each other. Neat.
--
Spin
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:Or$CwYb5FHA.2888@tk2msftngp13.phx.gbl...
| Quote: | Good to hear Seth!
If you make both forests full 2003 levels, you can create a forest trust.
Pretty cool feature.
Ace
|
|
|
| Back to top |
|
|
Ace Fekay [MVP]
Guest
|
| Posted:
Mon Nov 14, 2005 9:50 am Post subject:
Re: can't create trust to external domain |
|
|
In news:3tn9sfFtj872U1@individual.net,
Spin <Spin@spin.com> made this post, which I then commented about below:
| Quote: | Yeah a forest trust makes all domains in both forests transitively
trust each other. Neat.
Spin, |
Glad to see you are reading up on all the posts. I'm sure the newsgroups
have helped you in your goals. If you keep reading up on everything, and
learn a bit more and you feel you are able to anwer questions accurately &
professionally, and follow up with responses and such, well, email me
offline for more info.
Ace |
|
| Back to top |
|
|
Spin
Guest
|
| Posted:
Mon Nov 14, 2005 9:50 am Post subject:
Re: can't create trust to external domain |
|
|
Yes I have read all your posts and learned a lot from you Ace. You are a
well-deserved MVP (and all that other stuff you have)!
the "Spinster"
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23AsPZZN6FHA.4012@TK2MSFTNGP14.phx.gbl...
| Quote: | In news:3tn9sfFtj872U1@individual.net,
Spin <Spin@spin.com> made this post, which I then commented about below:
Yeah a forest trust makes all domains in both forests transitively
trust each other. Neat.
Spin,
Glad to see you are reading up on all the posts. I'm sure the newsgroups
have helped you in your goals. If you keep reading up on everything, and
learn a bit more and you feel you are able to anwer questions accurately &
professionally, and follow up with responses and such, well, email me
offline for more info.
Ace
|
|
|
| Back to top |
|
|
jacksnyd
Joined: 08 Dec 2005
Posts: 1
|
| Posted:
Thu Dec 08, 2005 3:14 pm Post subject:
Trust error: |
|
|
| I have a similar situation where I get the error about the name specified is not a valid Windows domain name trying to create the Trust. They are both 2000 domains and DNS & WINS are replicating between the domains. What is the _msdcs fix? |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in
