Title: Slightly OT - DNS Problems:

Hey All,

I am required to set up a trust with an acquisition's domain. Ports 53, 88 and 389 (TCP & UDP) are open on the firewalls, theirs and ours - both ways, verified.

I have brought in a Forward Lookup Zone of their DNS as a Secondary Zone; I have also, however, tried a Stub Zone and a Conditional Forwarder.

When I go to create the trust, however, it says the domain cannot be contacted. I am ONLY able to connect to one of their DCs, in a DMZ; it is also a Global Catalog Server. When I ping the FQDN of the domain it goes from one of their DNS servers to another. After numerous IPCONFIG /FLUSHDNS and re-pings it eventually pings the FQDN. Still no go when trying to establish the trust.

Created a host entry for the FQDN, no go. Tried LMHOSTS record reload and checked the cache to verify new records were present, no go. Added the IP of their DNS server as an alternate DNS server address on the adapter, no go. Flicked between Enable NetBIOS over TCP/IP and Disable NetBIOS over TCP/IP, no go.

Perform an nslookup - .[FQDNDomain], get all IPs of their DNS servers. Perform an nslookup - set q=srv - _ldap._tcp.[FQDNDomain], get all their DNS servers; all have the same weighting and a priority of 0. Perform an nslookup - guid_msdcs.[FQDNDomain], get their primary name server etc., which is the DC I can get to. SOA is also the DC I can connect to.

Not sure if it is something to do with the Netlogon service utilising DSGetDcName? What is the next logical step, what am I missing?

I can provide more info should this be required.

Thanking anyone in advance.

James Blair
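
A check for the situation described in the message above, where the SRV lookup returns several servers but only one DC is reachable. This is an added example, not part of the original post: it lists every SRV target and shows which ones answer on the ports the post names. The domain name is a placeholder, and only TCP is tested (Test-NetConnection does not probe UDP).

```powershell
# Assumption: placeholder FQDN; replace with the partner domain's name.
$Domain = 'partner.example'
# The ports the post says are open on both firewalls (TCP side only).
$Ports  = 53, 88, 389

# Same record the post queried with nslookup (set q=srv).
$srv = Resolve-DnsName -Name "_ldap._tcp.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }

$results = foreach ($rec in $srv) {
    $target = $rec.NameTarget.TrimEnd('.')

    # Resolve each SRV target to its IPv4 addresses.
    $ips = @(Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } |
             Select-Object -ExpandProperty IPAddress)

    if (-not $ips) {
        # Target is advertised in the SRV set but has no resolvable A record.
        [pscustomobject]@{
            Target = $target; Priority = $rec.Priority; Weight = $rec.Weight
            IP = '(unresolved)'; Port = $null; Reachable = $false
        }
        continue
    }

    foreach ($ip in $ips) {
        foreach ($port in $Ports) {
            $t = Test-NetConnection -ComputerName $ip -Port $port `
                                    -WarningAction SilentlyContinue
            [pscustomobject]@{
                Target = $target; Priority = $rec.Priority; Weight = $rec.Weight
                IP = $ip; Port = $port; Reachable = $t.TcpTestSucceeded
            }
        }
    }
}

# One row per target/IP/port; unreachable rows sort first.
$results | Sort-Object Reachable, Target, Port | Format-Table -AutoSize

# Targets that are advertised in DNS but fail on at least one port.
$results | Where-Object { -not $_.Reachable } |
    Select-Object -ExpandProperty Target -Unique
```

Run it from the server on which the trust is being created, so the results reflect that machine's resolver and firewall path.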