question

MohammedAnees-9236 avatar image
0 Votes"
MohammedAnees-9236 asked ManasDash-0292 answered

RPC error while Trust validation

Hi Team,

We are facing a issue in our environment where we have established 2 way trust.
There are 2 domains for example: AA & BB
There is 2 way trust established between them.
We have a DB Server in AA domain and is talking to DC: AZSUA.AA(It is an Azure Server) as seen through Set Logon.
When we connect to Domain controller : AZSUA.AA and validate Trust relationship with BB domain we are getting error as
"The Local Security Authority is unable to obtain an RPC connection to the Active Directory Domain controller AZSUB.BB(It is an Azure server). Please check that the name can be resolved and that the server is available"

We confirmed that from DB Server or DC:AZSUA.AA, we are able to ping and telnet port 53, 88 for AZSUB.BB.

Also from BB domain we are able to establish the Trust with AA domain.

Please let us know if any other things to be checked.

windows-active-directory
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou

0 Votes 0 ·

Hi,
I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
Thanks for your time and have a nice day!

Best Regards,
Daisy Zhou

0 Votes 0 ·
DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered DaisyZhou-MSFT edited

Hello MohammedAnees-9236,

Thank you for posting here.

1.We can validate the trust relationship between AA and BB.

For example, on one DC in AA, open Active Directory Domains and Trusts.
right click the domain name\Properties\Trusts tab\select BB domain\Properties\Validate\type the domain administrator credentials and click OK. If we receive the message "The trust has been validates. It is in place and active", it means the forest/domain trust is OK.
15104-trust1.png

2.And perform the same steps on DC in BB.

3.If we can not validate trust relationship between AA and BB, we should reset up trust between AA and BB.

4.Before establishing forest/domain trust, we need to set up conditional forwarders OR secondary zone. We can set up conditional forwarders OR secondary zone based on the steps in the following similar cases.

setup of trust relationship between 2 domains
https://social.technet.microsoft.com/Forums/windowsserver/en-US/9e501d72-5457-421a-b81b-3a1f83ac7b0e/setup-of-trust-relationship-between-2-domains?forum=winservergen

5.Then we can refer to the link below to create forest/domain trust.
http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx

6.Meanwhile, ensure all the AD required ports are open.
Active Directory and Active Directory Domain Services Port Requirements
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

Active Directory Replication over Firewalls
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)?redirectedfrom=MSDN

If anything is unclear, please feel free to let us know.

Best Regards,
Daisy Zhou



trust1.png (62.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ManasDash-0292 avatar image
0 Votes"
ManasDash-0292 answered

104853-error.png



I am also facing the same type of error when trying to validate the trust.


error.png (8.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ManasDash-0292 avatar image
0 Votes"
ManasDash-0292 answered

Also unable to share a folder from one domain to another domain104855-error.png



error.png (94.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.