Issues with RPC Connection During Domain Trust Setup in Server 2016

Asked By ShinyNinja74 On

I'm having trouble getting a domain trust setup between two Windows Server 2016 domains. I've ensured the firewall ports are open, and I've got conditional forwarders set up correctly on both sides. Communication through ping and DNS is working fine. The RPC services are running on both servers, and I've made sure that SPNs are configured properly and all the necessary updates are installed.

The trust setup works well when I establish it from the old domain, and I can validate it from there. However, when trying to validate the trust from the new domain, I receive this error: 'The local security authority is unable to obtain an RPC connection to the Active Directory Controller domain controller xxxxx.olddomain. Please check that the name can be resolved and the server is available.' Even after deleting the trust and recreating it from the new domain, the issue persists.

Currently, I have a situation where the old domain trusts the new one, but not vice versa. For instance, accessing a share from the new domain to the old doesn't work, but the reverse does. I've also run TSS to gather logs for Microsoft if needed. Any insights would be appreciated!

2 Answers

Answered By HelpfulHamster21 On

First off, make sure domain controllers for both domains are up to date. Also, just opening TCP 135 for RPC is not enough. You also need to open ports 49152-65535 because the firewall could still block connections. Double-check those ports!

Answered By TechieTortoise33 On

You might need to look into the FSMO role owners for DomainDNSZones and ForestDNSZones for both domains. Use ADSIEdit to check that out. There are guides online, or I can help if you need. Just make sure you connect correctly and check for any bad data in those zones! Sometimes you might have to delete and re-add corrupted accounts.

QuickFixFox -

Solved this issue! Just connected to ADSIEDIT.MSC and verified the connection points. Such a hassle, but worth it!

WiseWombat57 -

You basically need to verify the FSMO attributes for all DCs in both domains. If one is incorrect, it can cause issues like you're facing. Look for CN=NTDSSettings in your structure.
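The two checks suggested in this thread, the RPC port reachability from HelpfulHamster21's answer and the partition FSMO owner verification from TechieTortoise33's and WiseWombat57's replies, can be scripted. The following is an added example written for this page, not code posted by anyone in the thread; `$PeerDc` and the `olddomain.example` name are placeholders, and the check assumes the RSAT ActiveDirectory module on a domain controller of each domain in turn.

```powershell
# Added diagnostic, not from this thread. Run in an elevated PowerShell on a DC of
# each domain in turn (RSAT ActiveDirectory module required). $PeerDc is a
# placeholder for a DC of the other domain; partition DNs come from the local forest.
Import-Module ActiveDirectory

$PeerDc = 'dc01.olddomain.example'   # placeholder hostname of the other domain's DC

# 1) RPC endpoint mapper reachability. Trust validation first contacts TCP 135
#    and is then redirected to a port in the dynamic range 49152-65535, which
#    the firewall must allow as well (that part cannot be probed without a
#    listener). A closed 135 yields the LSA "unable to obtain an RPC connection"
#    error right away.
$epm = Test-NetConnection -ComputerName $PeerDc -Port 135 -WarningAction SilentlyContinue
'{0} TCP/135 -> {1}' -f $PeerDc, $(if ($epm.TcpTestSucceeded) { 'open' } else { 'BLOCKED or unresolved' })

# 2) fSMORoleOwner of the DNS application partitions. Each value must reference
#    a live "CN=NTDS Settings" object. A value that still names a demoted or
#    deleted DC (its DN carries a "\0ADEL:" tag, or the object no longer exists)
#    is the stale-owner condition that ADSIEdit inspection uncovers; it has to
#    be repointed per partition.
$domainDn = (Get-ADDomain).DistinguishedName
$forestDn = (Get-ADDomain -Identity (Get-ADForest).RootDomain).DistinguishedName
$infraObjects = @(
    "CN=Infrastructure,DC=DomainDnsZones,$domainDn",
    "CN=Infrastructure,DC=ForestDnsZones,$forestDn"
)
foreach ($dn in $infraObjects) {
    $owner   = (Get-ADObject -Identity $dn -Properties fSMORoleOwner).fSMORoleOwner
    $deleted = $owner -match '\\0ADEL:'
    $exists  = $null -ne (Get-ADObject -Identity $owner -ErrorAction SilentlyContinue)
    if (-not $deleted -and $exists) {
        $state = 'OK'
    } else {
        $state = 'STALE owner - repoint to a live NTDS Settings DN (ADSIEdit)'
    }
    '{0}' -f $dn
    '    owner: {0}' -f $owner
    '    state: {0}' -f $state
}
```

Run it on a DC in the new domain with `$PeerDc` set to the old domain's DC, then the reverse, so both directions of the trust and both sets of partitions are covered.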
