I've set up conditional forwarders, opened the firewalls, and can successfully ping and resolve the remote servers on both sides, but RPC isn't functioning correctly to establish the domain trust. What could be causing this issue?
3 Answers
I saw the error screenshot you posted. It might help narrow down the problem further. Make sure your configurations for both domains and the trust relationship are intact, and consider any changes made recently that could be impacting connectivity.
Have you tested the network connection from one domain controller (DC) to another across the two forests? RPC relies on TCP 135. If your trust works one way (from domain 1 to domain 2) but not the reverse, it might hint at a configuration issue on the second domain wall. Tracking down why it's failing can reveal a lot.
It sounds like a firewall issue. RPC typically communicates over port 135 and uses a range of high ports (49152-65535) for its connections. Some firewalls might block this traffic if they don't have the right settings. If you’re using a Fortigate or similar device, ensure that you have both TCP 135 and the high port range open. Microsoft has tightened security on RPC, leading to problems if encryption can't be established during the communication process. Make sure you're not just allowing traffic for common protocols; specific port access is key here!
Totally agree! I’ve dealt with Fortigate and Cisco firewalls before, where even if "any" is set, they still block necessary port traffic except for basic network protocols like HTTP or ICMP. You might think you have access, but unless those specific ports are open, applications relying on RPC won’t work.
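The point made in the last two answers (TCP 135 alone is not enough; the dynamic range must be allowed as well) can be checked mechanically. The script below is an added example, not code posted by anyone in this thread: it audits a list of allowed TCP port ranges for gaps against the two ranges named above, and includes a plain TCP probe for testing 135 against the remote DC. The sample policy in it is constructed, and the port numbers come from the answers.

```python
import socket

# Ports an AD forest trust needs for RPC, per the answers above:
# TCP 135 (endpoint mapper) plus the dynamic range the mapper hands out.
REQUIRED_TCP = {
    "RPC endpoint mapper": (135, 135),
    "RPC dynamic range": (49152, 65535),
}

def coverage_gaps(required, allowed):
    """Return the sub-ranges of `required` (lo, hi) that no (lo, hi) in `allowed` covers."""
    lo, hi = required
    gaps = []
    cursor = lo  # first port not yet shown to be allowed
    for a_lo, a_hi in sorted(allowed):
        if a_hi < cursor:
            continue          # rule ends before the part we still need
        if a_lo > hi:
            break             # rule starts past the required range
        if a_lo > cursor:
            gaps.append((cursor, a_lo - 1))  # hole before this rule
        cursor = max(cursor, a_hi + 1)
        if cursor > hi:
            break
    if cursor <= hi:
        gaps.append((cursor, hi))            # tail not covered by any rule
    return gaps

def audit_policy(allowed_tcp):
    """Map each required service to the port gaps the policy leaves blocked."""
    return {name: coverage_gaps(rng, allowed_tcp) for name, rng in REQUIRED_TCP.items()}

def tcp_reachable(host, port, timeout=2.0):
    """Live probe: True if a TCP handshake to host:port completes (e.g. the remote DC on 135)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample policy: the mapper is open but the dynamic range was only partly allowed.
    sample_policy = [(135, 135), (49152, 50000)]
    for name, gaps in audit_policy(sample_policy).items():
        print(name, "OK" if not gaps else f"blocked: {gaps}")
```

A policy that only allows "common protocols" (80, 443, ICMP) shows up here as both required ranges being entirely blocked, which is the failure mode described in the answers.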