A little about what I have recently done before I tell you the problem.
I have two domains, admin and curriculum. There's trust between the domains. My curriculum domain server (server1) also had Exchange on it and was having issues. I created two new servers (server2 and server3) and made them both curriculum DCs. I transferred all the FSMO roles over to the new servers and demoted the old one. I moved DNS and DHCP over too. I left server1 as my Exchange/file server. The trust seemed to have replicated over to the new servers and shows up.
I can ping server1, 2 and 3 from the admin server and vice versa.
I can type in \\admin from the curriculum servers and browse it and I can also do that from any curriculum machine (and they can access SIMS on admin OK for registers etc.).
However, from admin, if I try to access server1 it asks me for a username and password. If I try to access server2 or server3 I get a message saying that it can't find a logon server.
I am also having problems when the admin machines try to access Exchange on server1 as it asks them for their curriculum username and password when it previously allowed them access to their mailboxes through their admin account.
If I look at security settings or share permissions for shares on server1 all the admin users have changed into the big long string of letters as if it cannot find the account. If I try to add to the permissions it will show the admin domain but won't find any user accounts on it.
I'm a bit unsure if this is a DNS issue or a trust issue. Any help would be appreciated, I'm sure it's just something daft that I've missed.
Have you got WINS set up? WINS: http://en.wikipedia.org/wiki/Windows_Internet_Name_Service
I haven't; as far as I'm aware, I've never had it set up. I don't have any pre-2000 machines.
I only had XP clients at my last place but we had some random trust issues and then once we set up WINS it worked - the two domains were on different subnets though.
Which domain is master? Although you may be able to ping the server, can you ping the domain name, e.g. curriculum.local, from an admin domain machine?
I can't ping the domain.local from curriculum or admin and vice versa.
Should I try setting WINS up on both domains' DCs? I'm pretty sure we never had WINS on before though.
Well, the problem is that you can't ping the other domain, so WINS might not be the problem. If you go into the DNS, are there any entries for the domain.local? You may find that the domain is still pointing to the old domain controller, which is now the file server.
Originally Posted by Jambo_C
I think the problem is that the machines/servers cannot see the other domain controllers, therefore there is no way for them to authenticate against that AD on the domains.
I think I've found the problem. On the admin DNS server the old server1 was set as the forwarder for the curriculum domain and there weren't any forwarders set for the admin domain on the new DCs.
I've added these and it seems to have fixed the issue.
No problem, at least you got it fixed.
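The cross-domain DNS check that would have exposed the stale forwarder described in this thread, as an added example that is not from any of the posters: it asks each domain's DNS server for the other domain's DC locator SRV record and compares the answer with the DCs you expect. It assumes a machine with the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later); the IP addresses, `admin.local` and `admindc1` are placeholders, and `curriculum.local` is the example name used above.

```powershell
# Added example. Placeholder values: the DNS server IPs, 'admin.local' and
# 'admindc1' are assumptions; server2/server3 are the new DCs named in the thread.
$Checks = @(
    # Ask the admin DNS server about the curriculum domain ...
    @{ Domain = 'curriculum.local'; AskServer = '192.0.2.10'
       ExpectedDCs = 'server2.curriculum.local', 'server3.curriculum.local' }
    # ... and a curriculum DNS server about the admin domain.
    @{ Domain = 'admin.local'; AskServer = '192.0.2.20'
       ExpectedDCs = 'admindc1.admin.local' }
)

function Test-TrustDns {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$AskServer,
        [Parameter(Mandatory)][string[]]$ExpectedDCs
    )
    # DC locator record that is looked up to find a logon server for a domain.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $status  = 'OK'
    try {
        $answers = @(Resolve-DnsName -Name $srvName -Type SRV -Server $AskServer `
                        -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.QueryType -eq 'SRV' })
    } catch {
        # No answer at all: the server has no working forwarder/zone for $Domain.
        $answers = @()
        $status  = "LOOKUP FAILED: $($_.Exception.Message)"
    }
    $found   = @($answers | ForEach-Object { $_.NameTarget.TrimEnd('.') } | Sort-Object -Unique)
    # Hosts still advertised as DCs that should not be (e.g. a demoted server).
    $stale   = @($found | Where-Object { $_ -notin $ExpectedDCs })
    # Current DCs that the queried server cannot see.
    $missing = @($ExpectedDCs | Where-Object { $_ -notin $found })
    if ($status -eq 'OK' -and ($stale.Count -gt 0 -or $missing.Count -gt 0)) {
        $status = 'MISMATCH'
    }
    [pscustomobject]@{
        Domain    = $Domain
        AskServer = $AskServer
        Status    = $status
        Stale     = $stale -join ', '
        Missing   = $missing -join ', '
    }
}

foreach ($c in $Checks) { Test-TrustDns @c }
```

A `LOOKUP FAILED` or `MISMATCH` row names the DNS server whose forwarder or zone for the other domain needs inspecting.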