Question : Server 2003 External Trust Problem

I'm trying to create an External Trust between two forests, both running Server 2003. Both DCs are at Windows Server 2003 Domain and Forest functional level. All ports were opened on the PIX for that domain's public IP. The secondary zone copied over fine on both DCs, but when running the New Trust Wizard I receive "The name you specified is not a valid Windows domain name. Is the specified name a Kerberos V5 realm?". DNS problem, right? I ensured the zones have the same SOA number, so I assume they are updating and working. When trying to ping one of the domains it returns unreachable from 72.164.247.137 (Outside DNS server I would guess). When trying to ping DC A from DC B, I receive "Ping request could not find host A. Please check the name and try again.". Gotta be DNS.

Not sure if this is important: in one of the domains' DNS there were two secondary zones set up. We'll call this domain B; the two zones are "_msdcs.B.local" and "B.local", but domain A only had one zone to create, "A.com".

I was told by a co-worker a VPN is needed to communicate between the two DCs, but all the research never once said VPN. Is that my problem?

Thank you

Answer : Server 2003 External Trust Problem


> The secondary zone copied over fine on both DCs

If you look in the zone you should find that it lists lots of private IP addresses (and hasn't a clue about the public IP addressing). Is that correct?

That tends to be why a VPN is required. Trusts have a prerequisite that you can talk to the other network. The cheapest solution for that tends to be a VPN.

Chris
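
The check described in the answer, as an added example that is not part of the original post: it reads the DC locator (SRV) records from a copy of the zone and reports whether each domain controller they point to has an RFC 1918 address. The zone contents, host names and addresses are constructed, and the input is simplified to "owner type rdata" lines rather than a full zone-file export.

```python
import ipaddress

# RFC 1918 ranges: never routed across the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of the secondary copy of B.local as seen from DC A.
# Host names and addresses are made up; 203.0.113.20 stands in for a public IP.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.B.local.  SRV  0 100 389 dc1.B.local.
_kerberos._tcp.B.local.        SRV  0 100 88  dc1.B.local.
_ldap._tcp.B.local.            SRV  0 100 389 dc2.B.local.
dc1.B.local.                   A    192.168.10.5
dc2.B.local.                   A    203.0.113.20
"""

def parse_zone(text):
    """Return (srv, a): SRV owner -> [(port, target)], host -> [address]."""
    srv, a = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(";"):
            continue  # blank line, comment, or not a record we handle
        owner, rtype = fields[0].lower(), fields[1].upper()
        if rtype == "SRV" and len(fields) == 6:
            srv.setdefault(owner, []).append((int(fields[4]), fields[5].lower()))
        elif rtype == "A":
            a.setdefault(owner, []).append(ipaddress.ip_address(fields[2]))
    return srv, a

def audit_locator_records(text):
    """List (srv_owner, port, target, address, verdict) for every DC locator
    record, flagging targets a remote forest cannot reach without a tunnel."""
    srv, a = parse_zone(text)
    findings = []
    for owner in sorted(srv):
        for port, target in srv[owner]:
            addrs = a.get(target)
            if not addrs:
                findings.append((owner, port, target, None, "no A record"))
                continue
            for ip in addrs:
                private = any(ip in net for net in RFC1918)
                verdict = "private: needs VPN or routed link" if private else "public"
                findings.append((owner, port, target, str(ip), verdict))
    return findings

if __name__ == "__main__":
    for row in audit_locator_records(SAMPLE_ZONE):
        print(row)
```

A zone that transfers cleanly can still fail this check: the SOA serials match, but every name the trust wizard looks up resolves to an address the other side cannot route to.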