Home | Site Map | Cisco How To Net How To | Wireless | Search | Forums | Services | Setup Guide | Chicagotech MVP | About Us | Contact Us|

Domain Trusts - Resolution with Screenshots

Can't create domain trust
Can't see each other while creating domain trusts
Cross-Link Trusts
DNS and NetBIOS Name Resolution Issues for Creating External, Realm and Forest Trusts
One-Way Trusts

Transitive Trusts
Three types of domain trust relationships
Trusted relationship over VPN

Cross-Link Trusts

Cross-link trusts are used to increase performance. With cross-link trusts, a virtual trust-verification bridge is created within the tree or forest hierarchy, enabling faster trust relationship confirmations (or denials) to be achieved.

One-Way Trusts

One-way trusts are not transitive, so they define a trust relationship between only the involved domains, and they are not bidirectional. You can, however, create two separate one-way trust relationships (one in either direction) to create a two-way trust relationship. However, that none-transitive two-way trusts do not equate to a transitive trust. Note: 1) one-way trusts are often used when new trust relationships must be established with down-level domains, such as Windows NT 4 domains. 2) one-way trusts can be used if a trust relationship must be established between domains that are not in the same Windows 2000 or Windows Server 2003 forest.

Three types of domain trust relationships

In Windows Server 2000/2003, there are three types of trust relationships, each of which fills a certain need within the domain structure. They are: Transitive trusts, One-way trusts  and Cross-link trusts.

Transitive Trusts

Transitive trusts establish a trust relationship between two domains that is able to flow through to other domains,. For example, if domain A trusts domain B, and domain B trusts domain C, domain A inherently trusts domain C and vice versa.

Trusted relationship over VPN

Symptoms: when attempting to create trusted relationship between two domains over VPN, you may receive a message like these “Windows cannot find the domain controller for chicagotech.net” or  “The trust cannot be validated for the following reasons: The outgoing trust was successfully validated. The secure channel (SC) reset on the domain controller \\msmvp01\chicagotech.net of domain chicagotech.net to domain chicagotech.net failed with error: There are currently no logon server available to service the logon request.” 

Resolutions: 1) Make sure you have correct password for both domains.
2.  It could be the name resolution issue. Make sure you have correct the DNS or WINS settings.
3. Multihomed computer as DC with DNS and WINS may cause this problem.
4. One possible cause of this error is that you have run out of buffer space in the NetBT datagram buffer.

 

 

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2017 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.