Derp?

maelstrom3530 Member Posts: 40
Doing an AD lab. I set up a trust between two domains yesterday. Worked fine. I even shared some folders from one domain to another.

I removed the trust and attempted to create a new trust. Now I can't validate the trust, nor can I browse the "remote" DC when granting permissions on a shared resource.

I did have some old IP entries in DNS, but I cleared those out and flushed all cache. Now DNS seems okay. 3 DCs on one side and 1 DC on the other. All DCs are online. nslookup shows correct IP addresses all around.

Contoso.com - (I did at one time have these subnetted, but they're all /24 now and on the same VLAN.)
hq.contoso.com - 192.168.100.105
west.contoso.com - 192.168.100.106
eng.contoso.com - 192.168.100.193

Blackstone.net
hq.blackstone.net - 192.168.100.200

Running nslookup on Blackstone.net - $> "nslookup contoso.com"
Gives correct IP addresses but all 3 are "non-authoritative" answers.

When I try to validate the trust, the error I receive on both ends says:

"The secure channel (SC) reset on Active Directory Domain Controller ... failed with error: There are currently no logon servers available to service the logon request."

In writing this I found the solution. HQ cannot be used for the machine name for both domain controllers. Renamed HQ.BLACKSTONE.NET to SERV01.BLACKSTONE.NET and all is well. I did have to reset the trust password between Blackstone.net over to WEST.CONTOSO.COM since WEST is also a DC in the same site as CONTOSO. (Eng is in a different site, I guess that's why BLACKSTONE.NET didn't need to validate a trust relationship with ENG.)

ANYWAYS tl;dr: never mind, I fixed it. Hope this helps another person somewhere along the way!

BACK TO THE LAB!
2015 Goals: [X] ICND2 [X]70-680 [X]70-685 [X]70-640
2016 Goals: [X]70-410 [X]70-411
2017 Goals: [X]70-412
2018 Goals: [_]70-697 [_]70-698
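
A pre-check for the condition the post ended on, as an added example that is not part of the original post: it groups domain controller FQDNs by short machine name and reports any name used in more than one domain. The function names are hypothetical, and the 15-character truncation goes beyond the post's case; it reflects how Windows derives the default NetBIOS computer name from the host name.

```powershell
# Added example: flag DCs in different domains whose short (NetBIOS-style)
# machine names collide, as HQ did in the post. Function names are hypothetical.
function Get-ShortName {
    param([Parameter(Mandatory)][string]$Fqdn)
    # Default NetBIOS computer name: first DNS label, upper-cased, max 15 chars.
    $label = ($Fqdn.Trim().TrimEnd('.') -split '\.')[0].ToUpperInvariant()
    if ($label.Length -gt 15) { $label = $label.Substring(0, 15) }
    $label
}

function Find-DcNameCollision {
    param([Parameter(Mandatory)][string[]]$Fqdn)
    $Fqdn |
        ForEach-Object {
            $clean = $_.Trim().TrimEnd('.').ToLowerInvariant()
            [pscustomobject]@{
                ShortName = Get-ShortName $clean
                # Everything after the first label is treated as the domain.
                Domain    = ($clean -split '\.', 2)[1]
                Fqdn      = $clean
            }
        } |
        Group-Object ShortName |
        # Only a name shared across two or more domains is a collision.
        Where-Object { @($_.Group.Domain | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                ShortName = $_.Name
                Hosts     = $_.Group.Fqdn -join ', '
            }
        }
}

# Host names as listed in the post, before the rename.
$dcs = 'hq.contoso.com', 'west.contoso.com', 'eng.contoso.com', 'hq.blackstone.net'
Find-DcNameCollision -Fqdn $dcs | Format-Table -AutoSize

# In a live lab the list could come from the ActiveDirectory module instead:
#   $dcs = 'contoso.com', 'blackstone.net' | ForEach-Object {
#       (Get-ADDomainController -Filter * -Server $_).HostName }
```

With the post's four hosts this reports HQ for hq.contoso.com and hq.blackstone.net; after the rename to SERV01 it returns nothing.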
