Trusted domains relationship
Hi. I have an issue with some domains in my organization. I have 3 forests with 1 domain each. All are working in 2003 native mode. One of them (firstdomain.local) is a clustered domain. That is, 2 nodes working in high availability, so there are 2 DNS servers, 2 domain controllers, etc. For economic reasons, one of these nodes has all FSMO roles. Because of this, when I run nslookup firstdomain.local from another of the organization's domains, it responds with all cluster IPs (one for the public network of server1, one for public server2, one for the private network of server1, one for private server2 and two more for the cluster's IPs). Six IPs in total. I've configured the DNS servers with secondary zones. I've tried with the LMHOSTS file. I used a WINS server too... But when I tried to create a trust relationship between this domain and another one, the system fails on the incoming trust and shows a message that says "there is not a domain controller to attend login attempts" (sorry, I don't know if it says so in English :-P). The outgoing trust works fine, but the incoming one is impossible. The trust between the other two domains works fine without problems. Any suggestions? Regards.
September 17th, 2010 4:13am

Hi, You cannot cluster domain controllers for fault tolerance. You can promote computers to be domain controllers, and then you can install the Cluster service on those computers, but there is no method to store Active Directory on any one of the cluster's managed drives. There is no "failover" of Active Directory. And there are many other problems if DCs are cluster nodes.

For your reference:

Windows 2000, Windows Server 2003, and Windows Server 2008 cluster nodes as domain controllers
http://support.microsoft.com/kb/281662

Domain Controllers as Cluster Nodes - Bad Idea
http://msmvps.com/blogs/clusterhelp/archive/2008/02/12/domain-controllers-as-cluster-nodes-bad-idea.aspx

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Based on the information above, please change your configuration before troubleshooting the trust problem. Thanks.
September 21st, 2010 6:58am

Hi Mervyn. Thank you for your answer. Sorry for the inconvenience, but AD has been installed on those computers for 5 years... SYSVOL and NETLOGON are on a drive managed by the cluster ^_^ . It works with DNS, fault tolerance, as DC, etc... Perhaps it's not the best idea, as you said in your links, but as I said, I cannot promote any computer to DC because there aren't any more servers. :-P Reading the second link: "If they host DNS, they should point to each other for their own DNS resolution, which will cause failures in resolution if one node is down"... so here could be my problem, but there is a new and disturbing question: To get to the root of my problem, I've installed the same configuration in two virtual machines with VMware. Two nodes as DCs, with cluster and DNS services. I've tried a trust relationship with the servers of my organization and it all works fine... O_o This new virtual domain responds to nslookup like the domain with problems, with all IPs, but the trust relationship seems to be working without problems. Please don't take my answer as a criticism of your post. I appreciate your help, and even though I knew what I was doing was wrong, I am concerned that the same virtual setup does work, and mine does not. Regards. Victor.
September 22nd, 2010 3:26am

Thank you for the update. Hope you can find the root cause; it’s appreciated if you share the solution. Regards
September 24th, 2010 4:55am

Well... I used WINS on one of the other servers and configured it on the network card. It didn't work at that time, but after some days I tried again and wooow... it worked fine!! Could it be because the server needs some time for changes to take effect? :-S I'm going to try on other servers with WINS and hope it works... ^_^
September 30th, 2010 5:35am
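
The first post reports that nslookup firstdomain.local returns six addresses, including the nodes' private-network and cluster addresses. As an added example (not part of the thread or of any poster's configuration), the PowerShell script below lists every IPv4 address the domain name resolves to and tests whether each one accepts TCP connections on ports a domain controller normally serves. The domain name is the one from the thread; the port list and the 2-second timeout are assumptions.

```powershell
# Added example: for each address a domain name resolves to, test the TCP
# ports a domain controller is expected to answer on.
# Assumptions: the port list and the default timeout are illustrative.
param(
    [string]$Domain = 'firstdomain.local',
    [int]$TimeoutMs = 2000
)

$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC'; 389 = 'LDAP'; 445 = 'SMB' }

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so an unreachable address costs only $TimeoutMs
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # refused, unreachable, or reset
    } finally {
        $client.Close()
    }
}

# Every IPv4 address registered for the domain name, as a client would see it
$addresses = [System.Net.Dns]::GetHostAddresses($Domain) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' }

foreach ($ip in $addresses) {
    foreach ($port in ($ports.Keys | Sort-Object)) {
        $reachable = Test-TcpPort -Address $ip.ToString() -Port $port -TimeoutMs $TimeoutMs
        New-Object PSObject -Property @{
            Address   = $ip.ToString()
            Port      = $port
            Service   = $ports[$port]
            Reachable = $reachable
        } | Select-Object Address, Port, Service, Reachable
    }
}
```

Run it from a domain controller in the other domain: an address that DNS returns but that is not reachable from there is one a client may pick and then time out on.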
