Hi AllI need som help or ahint in the right dirctionI am trying to make a trust from a win2k3 server to a win2k sever Domain cph (192.168.17.x) -Server cph (192.168.17.4 cphza-nt) Domain aarh (192.168.16.x) -Server aarh (192.168.16.3 aarh-w2k) I Made the Trust fromcph (192.168.17.4 - cphza-nt) toaarh (192.168.16.3 aarh-w2k) Pic of Trust When i try to contact the aarh domain,is when things go wrong (for me)When i am tryng to verify the trust it wont accept the password i set @ the cph domainPic of trust completePic of trust verifyBut i promts me for a user and password for a user with premission to modify a trust Pic of promt for user & pass to modify a trustI am a domain admin @ cph, but i wont accepst my credentials :( If i try to doit from Domains trusted by this domain, it promts me saying that the trust dosent existsPic of Cannot verify trustany advise or help will be deeply appreciated

Hi,You're final error is "the specified domain could not be contacted or does not exist". This is probably down to DNS. First try to ping cph.rdsas.com from the machine on the aarh.rdsas.com domain and then vice-versa. I suspect it will fail.You need to put a conditional forwarder on the DNS server of each domain, pointing at the other. IE on the AD DNS for cph.rdsad.com, create a forwarder for aarh.rdsad.com, pointing to the IP of the DC with DNS in the other domain. Then do the same the other way around.You should then be able to ping each domain from each other, it will resolve as a DC on each side.You can now go and create your trust.Ross

Hi Ross Thanks for the reply Ping from aarh.rdsas.com to cph.rdsas.comPing from cph.rdsas.com to aarh.sas.com That was an issue yes, but i hoped that i had solved that problem I just noticed that i need to type cphza-nt.rdsas.com to ping from aarh domain ... can that be my issue ?but nslookup works and resolves the DNS BTW if try to make the trust as "Domains trusted by this domain" .. then yes i get the error "the specified domain could not be contacted"but if try to make "Domains that trust this Domain" i end with the password issueaarh.rdsas.com - trust-

Hi,This issue may be caused by Network settings or security settings. Lets try the steps below to configure Network settings. 1. To set the value of the RestrictNullSessAccess registry subkey to FALSE, follow these steps:a. Click Start, click Run, type regedit, and then click OK to open Registry Editor. b. Locate the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters c. Right-click this registry subkey, point to New, and then click DWORD Value. d. Type RestrictNullSessAccess, and then press ENTER. e. Double-click RestrictNullSessAccess, type 0 in the Value data box, and then click OK. f. Exit Registry Editor. g. Restart the computer.2. Open "gpedit.msc", Navigate to :Computer Configuration/Windows Settings/Security Settings/Local Polices/Security Options and change the followingFind the settings "Network access: Named Pipes that can be accessed anonymously" and make sure it contains all the following options. COMNAPCOMNODESPOOLSSNetlogonLsarpcSamrBrowserRestart the system and test. If the issue persists, please help to collect the following information for research.1. Whats the error when trying to visiting resources such as shared folder between these two Domain?2. Do you get any error when trying to create these Trusts?Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Dave,As I understand it, you can ping:from cph.rdsas.com to aarh.sas.combut notaarh.rdsas.com to cph.rdsas.comFor this way round, you are pinging cphza-nt.rdsas.com, instead of the domain name of cph.rdsas.com ?You need to be able to resolve from domain to domain, not just host to host. Check that you have created the DNS entries using forwarders with conditions for the domains and not zones. Also, restart DNS server at each side, then do an 'ipconfig /flushdns' from the command prompt. Retry pinging the domains after this, then try creating the trust.Also, ensure that both DC's are looking at their own DNS for resolution and no external sources, check this in the TCP settings on the network interface. If you get domain dns resolution on either side, but still cant create the trust, move onto Mervyns suggestions. But you need DNS resolution first before a trust will work.Ross

problem sovled tnx :)