To begin with, why would you want to set up a trust and leave the firewalls in place with so few ports? What is then the point of the trust?

Even if you got the trust working like that (there are more ports - I think Jorge has a blog on this) you would not be able to access anything so it doesn't do you much good. I'm just not seeing the point of getting the trust working? Can you elaborate why you want to create a trust like that?

See this link as well for a list of the additional ports.

On 10/9/06, Blair, James <[EMAIL PROTECTED]> wrote:

Hey All,

I am required to set up a trust with an acquisitions domain. Ports 53, 88 and 389 (TCP & UDP) are open on the firewall theirs and ours - Both Ways verified.

I have brought in a Forward Lookup Zone of their DNS - Secondary Zone, have also however tried a Stub Zone and a Conditional Forwarder.

When I go to create the trust however it says the domain can not be contacted. I am ONLY able to connect to one of their DCs, in a DMZ, it is also a Global Catalog Server. When I ping the FQDN of the domain it goes from one of their DNS servers to another. After numerous IPCONFIG /FLUSHDNS and re-pings it eventually pings the FQDN. Still no go when trying to establish the trust.

Created a host entry for the FQDN, no go. Tried LMHOST record reload and checked the cache to verify new records were present, no go. Added the IP of their DNS server as an alternate DNS server address on the adapter, no go. Flicked between Enable NetBIOS over TCP/IP and Disable NetBIOS over TCP/IP, no go.

Perform an nslookup - .[FQDNDomain] get all IPs of their DNS servers. Perform an nslookup - set q=srv - _ldap._tcp.[FQDNDomain] get all their DNS servers all have the same weighting and a priority of 0. Perform an nslookup - guid_msdcs.[FQDNDomain] get their primary name server etc. which is the DC I can get to. SOA is also the DC I can connect to.

Not sure if it is something to do with the Netlogon service utilising DSGetDcName? What is the next logical step, what am I missing?

I can provide more info should this be required.

Thanking anyone in advance.

James Blair
