Configuring DNS between two non-trusted forests?

We currently have a 2003 domain/forest setup and now have a new 2008 domain/forest setup running Server Core 2008 for the DCs. What is the most secure way to set up DNS between the two forests without a trust, so we can communicate for remote management of the Server Core DCs? We have configured remote management for the Server Core DCs via the Server Core console, but there seems to be some type of DNS issue still out there. We do not want to create a trust between the two forests because the 2008 forest will be our DMZ.

Hi Tony,
I only forced the .local to display in the initial config one time, amongst several other fresh installs in which I just left it alone.
I did a fresh install, followed standard protocol for the initial config, and configured DNS.
In both cases (before and after I configured DNS) the keys you asked about in the preferences.plist are:
<dict>
<key>Network</key>
<dict>
<key>HostNames</key>
<dict>
<key>LocalHostName</key>
<string>server</string>
</dict>
</dict>
<key>System</key>
<dict>
<key>ComputerName</key>
<string>server</string>
<key>ComputerNameEncoding</key>
<integer>0</integer>
<key>HostName</key>
<string>server.nineridge.com</string>
</dict>
</dict>
...yet again when I go to promote the OD to a master, the Kerberos Realm autofills SERVER.LOCAL.
In case this is helpful, here is the output of the various checks:
server:~ sadmin$ host server.nineridge.com
server.nineridge.com has address 192.168.9.254
server:~ sadmin$ host 192.168.9.254
254.9.168.192.in-addr.arpa domain name pointer server.nineridge.com.
server:~ sadmin$ nslookup server.nineridge.com
Server: 192.168.9.254
Address: 192.168.9.254#53
Name: server.nineridge.com
Address: 192.168.9.254
server:~ sadmin$ sudo changeip -checkhostname
Password:
Primary address = 192.168.9.254
Current HostName = server.nineridge.com
DNS HostName = server.nineridge.com
The names match. There is nothing to change.

Similar Messages

  • Configure ssh between two hosts as a ROOT user

    Hi Experts,
    I have tried several times to configure ssh between two hosts but didn't succeed. Can someone please help me configure ssh as root?
    I have freshly installed two Solaris 10 VMs.
    Thanks~
    Edited by: user12108503 on Jun 3, 2013 1:28 PM

    Hi,
    I have changed the config file and am still getting exactly the same error message.
    /etc/ssh/ssh_config: line 32: Bad configuration option: PermitRootLogin
    /etc/ssh/ssh_config: terminating, 1 bad configuration options
    Please help.
    Thanks~

  • How to configure connectivity between two vm linux hosts

    Hello All,
    I have installed VM Workstation with two RHEL4 Linux installations.
    Node 1: RHEL4
    Node 2: RHEL4
    I have configured 2 Ethernet cards; I am able to ping a host but they cannot ping each other.
    I have tried to ping from Node 1 to Node 2 and am getting icmp_seq=0 Destination Host Unreachable .....
    Kindly suggest how to configure connectivity between the two hosts permanently. Please explain with an example if possible, or suggest any link.
    thanks,
    Mike.

    1003614 wrote:
    Thanks for the quick reply .... Oracle VM Workstation 4.2 is what I am using.
    ... then your post is now moved to the appropriate forum space for your question (Oracle VM for x86).

  • Two-way forest trust between two (single domain) forests with multiple identical user ID's

    Domain and forest levels - Windows 2003 (they both have one 2008 R2 DC)
    We need to create a two-way forest trust between two separate single-domain forests. The problem is that these two forests already access each other's resources through a S2S. Users have the same login names and passwords on both forests/domains. Now we are combining their infrastructures and need to set up a trust. From what I'm reading, you can't create forest trusts if you have the same SIDs, user IDs, or computer names in each of the forests.
    I'm looking into the AD migration tool to copy the user SIDs (SID history?) between forest/domain, deleting the user IDs in the domain we migrated from, and then setting up the trust, but I'm leery about doing it this way as there is no easy 'recovery' should something go wrong.
    Any suggestions for the easiest way to set up this forest trust?

    Hi,
    To eliminate your worries: two user accounts having the same user name doesn't mean that they have the same SID. Moreover, a user's SID remains the same even after the account has been renamed.
    The SID for a domain account/group consists of a Domain Identifier and a Relative Identifier. The Domain Identifier is unique for every domain within a forest, and a Relative Identifier is unique within a domain. It is unlikely that two user accounts, with or without the same account name, from two forests have the same SID.
    The TechNet article you mentioned is talking about duplicate SIDs instead of "duplicate computer name or user account"; I will submit a change request to Microsoft about this.
    If there are duplicate SIDs when you create the forest trust, you need to delete one of them as the article guides.
    Here are some related articles below for your references:
    How Security Identifiers Work
    http://technet.microsoft.com/en-us/library/cc778824(v=WS.10).aspx
    Security Identifier Structure
    http://technet.microsoft.com/en-us/library/cc962011.aspx
    Security Identifier
    http://en.wikipedia.org/wiki/Security_Identifier
    I hope this helps.
    Amy Wang
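    The distinction Amy draws above (same account name is harmless, same SID is the real conflict) can be checked mechanically before a trust is created. The following Python is an added example, not code from this thread or from Microsoft; the forest names, account names and SIDs are constructed sample data.

```python
"""Added example, not from the forum thread: split a Windows SID into its
domain identifier and relative identifier (RID), then compare two forests'
account lists.  Shared account names do not collide; identical SIDs do, and
those are what must be resolved before a forest trust is created.
All forest names, account names and SIDs below are constructed sample data."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Textual SID: S-<revision>-<identifier authority>-<sub-authority>[-<sub-authority>...]
# For a domain account the last sub-authority is the RID and everything before it
# (S-1-5-21-A-B-C) is the domain identifier.
_SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


@dataclass(frozen=True)
class Sid:
    revision: int
    authority: int
    subauthorities: tuple

    @property
    def domain_identifier(self) -> str:
        # All sub-authorities except the last one belong to the issuing domain.
        head = [f"S-{self.revision}-{self.authority}"]
        head.extend(str(s) for s in self.subauthorities[:-1])
        return "-".join(head)

    @property
    def rid(self) -> int:
        return self.subauthorities[-1]

    @property
    def text(self) -> str:
        # Canonical form, so "S-1-5-21-...-1105" compares equal regardless of input spacing/case.
        return f"{self.domain_identifier}-{self.rid}"


def is_valid_sid(text: str) -> bool:
    return _SID_RE.match(text.strip().upper()) is not None


def parse_sid(text: str) -> Sid:
    """Validate and parse a textual SID; anything that is not S-1-<auth>-<sub>[...] is rejected."""
    text = text.strip().upper()
    if not is_valid_sid(text):
        raise ValueError(f"not a valid SID string: {text!r}")
    parts = [int(p) for p in text.split("-")[1:]]
    return Sid(parts[0], parts[1], tuple(parts[2:]))


def duplicate_sids(forests: dict) -> dict:
    """Map every SID held by more than one account to its (forest, account) holders.
    forests = {"ForestA": {"sAMAccountName": "S-1-5-21-...-RID", ...}, "ForestB": {...}}"""
    holders = defaultdict(list)
    for forest, accounts in forests.items():
        for name, sid_text in accounts.items():
            holders[parse_sid(sid_text).text].append((forest, name))
    return {sid: owners for sid, owners in holders.items() if len(owners) > 1}


def shared_names_distinct_sids(forests: dict) -> dict:
    """Account names that exist in more than one forest but with different SIDs.
    These are harmless for a trust because their domain identifiers differ."""
    by_name = defaultdict(set)
    for accounts in forests.values():
        for name, sid_text in accounts.items():
            by_name[name.lower()].add(parse_sid(sid_text).text)
    return {name: sids for name, sids in by_name.items() if len(sids) > 1}


# Constructed sample data: two forests with their own domain identifiers.
DOMAIN_A = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN_B = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE_FORESTS = {
    "ForestA": {"jsmith": f"{DOMAIN_A}-1105", "svc_backup": f"{DOMAIN_A}-1200"},
    # jsmith exists in both forests with the same RID but a different domain
    # identifier, so no conflict.  svc_backup in ForestB carries ForestA's SID
    # (constructed to model a cloned/restored domain) and is the real conflict.
    "ForestB": {"jsmith": f"{DOMAIN_B}-1105", "svc_backup": f"{DOMAIN_A}-1200"},
}

if __name__ == "__main__":
    for sid, owners in duplicate_sids(SAMPLE_FORESTS).items():
        print("duplicate SID", sid, "held by", owners)
    print("same name, different SID:", sorted(shared_names_distinct_sids(SAMPLE_FORESTS)))
```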

  • 340 bridge traffic between two non root bridges

    I have a deployment with a 340 series bridge acting as root bridge and two 340 bridges acting as non-root remotes. The hosts hanging off the non-root bridges can communicate with the hosts hanging off the root bridge, but I cannot get communication to work between hosts on the two non-root bridges. Is there some sort of split horizon type setting I need to configure on the root bridge to allow traffic back out the radio interface?

    There isn't anything in the bridges that would block traffic between the two sites. Is this one large subnet, or are there two subnets? If there are two, how are you routing between the two?
    Can one non-root bridge ping the other non-root?

  • Configuring mail between two Apples?

    I have two apple computers, a desktop and a MacBook Air for travelling. I want to configure mail so that both have full functionality but to have the desktop as the "master". Therefore, any messages sent from the Air should appear in the Desktop "sent" box, and anything deleted from the Air should not be deleted from the desktop. Any ideas?

    Welcome to Apple Discussions
    No can do...
    You can leave the "remove a copy from the server after receiving message" box unchecked on the MBA (Accounts: Advanced tab), so that all messages are downloaded to the Desktop (check that box on the Desktop) for incoming messages, but there's no way to get the outgoing messages from the MBA (or a phone or any other device) over to the Desktop sent or out box.
    Webmail (browser based) would allow you one place to keep/see all your messages, but generally I find Webmail much slower and more cumbersome to use than a traditional e-mail client.

  • Can you share a library between two non-networked PCs?

    Any help appreciated on this one!
    I'd like to be able to keep my iTunes library on a portable hard drive,
    which isn't too difficult to do: move the folder and consolidate.
    Then I'd like to take it with me between home and the office.
    Would playlists / play counts / ratings stay in sync on the external HD, or is there no way to do this?
    (i.e. would all the listening I'd done at work show up in the library when I plugged the disk in again at home?)
    Thanks in advance for your help.

    If you want playlists, playcounts, rating and such to remain consistent and travel with the drive, drag the entire iTunes folder (the entire folder, not just the iTunes Music folder) to your desired location. Then on each system, connect the hard drive and hold down the Shift key while launching iTunes. You'll be given a dialog box where you can select the iTunes library you want to use. Navigate to and select the iTunes folder on the external drive.
    Note: do not launch iTunes until the external drive is connected and mounted, or iTunes will automatically switch back to the default location on the internal drive. No big problem if it does, just quit iTunes and relaunch while holding down the Shift key.
    Regards.

  • OSD Across a Non-Trusted Domain

    Hello All,
    Thank you in advance for the help. I am trying to validate a configuration I would like to put in place for a client.
    The client has Configuration Manager 2012 set up to manage computers in a non-trusted domain with no MPs in the non-trusted domain. There are DPs in the non-trusted domain. The site runs in an https configuration for these clients. We have configured a subordinate CA in their forest that trusts the CA in the forest that hosts the ConfigMgr site servers, and all certs are working fine.
    My question: Will OSD function correctly for computers in the non-trusted domain? Or do I need to have an MP in the non-trusted domain as well?
    Thanks!

    Hi Jason,
    Yes, you are correct: there are multiple HTTP MPs that are reachable from the non-trusted forest's computers on the Intranet. There is also an HTTPS MP in the DMZ which is reachable from the internal network as well (we use split-brain DNS for this). The DMZ MP in HTTPS mode can handle the requests from the non-trusted forest's clients, and I envision DPs being configured in the non-trusted forest's domain in HTTPS mode to provide the DP service for the non-trusted domain's clients.
    One of the other respondents indicated that they believed this config would work as long as the client could reach a PXE enabled DP. I don't see a reason this won't work as well with a boot image with a cert on it or via Software Center, right?
    Does this configuration sound kosher?
    Thank you!

  • SCOM Agent in Pending Management with two way trusted domain

    Hello Guys,
    I have two trusted domains, abc.com & xyz.com, with a two-way trust and forest-wide authentication enabled, and my SCOM 2012 R2 Management server is part of abc.com. There are multiple hosts which are part of domain xyz.com. When I push the agent from the SCOM console to a server, the agents get installed with a success message in the task pane, but my agents are now in Pending Management.
    For this I am getting Event ID 20002 OpsMgr Connector with the following message "A device at IP 10.1.1.6:54277 attempted to connect but could not be authenticated, and was rejected." on the SCOM Server.
    And below message on the server where I am installing the agent.
    Event 20071 OpsMgr Connector
    The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server .  Check the event log on the server and on the agent for events which indicate a failure to authenticate.
    Event 21016 OpsMgr Connector
    OpsMgr was unable to set up a communications channel to SCOM.abc.com and there are no failover hosts.  Communication will resume when fabSCOM2.nmfab.loc is available and communication from this computer is allowed.
    Event 20070 OpsMgr Connector
    The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately after authentication occurred.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
    Need help to resolve this; can anyone help me?
    Thanks in Advance.
    NM-BG

    Hi,
    Here I suspect an authentication issue.
    1. Could you please check if ports 88, 389 & 3268 are open between the client's domain controller and the management server.
    2. If the ports are already open, collect netmon traces on both the client and the management server simultaneously and check if there are any Kerberos errors.
    Kind Regards,
    Naveen Kumar B
    ~Bommi

  • Configuring SMTP Namespace Sharing between two Exchange Forests on the same LAN

    Hi guys, really hoping that someone can help me with configuring SMTP Namespace Sharing between two Exchange Forests on the same LAN.
    Basically, I have created a new forest and installed a new Exchange organisation in this forest. Both forests are located on the same IP subnet and a two-way trust has been created between the forests. Federated sharing has also been configured.
    I can use ADMT to migrate the user and computer accounts to the new forest and also migrate test mailboxes over. Ideally, I want to be able to do the mailbox migrations in stages, so I will need to have mail flowing between the two forests.
    I have read over the following article (http://ibrahimnore.wordpress.com/2012/09/06/configuring-smtp-namespace-sharing-between-two-exchange-forests-part-2/), which is good, but it's demonstrating over the internet. Can anybody advise how this can be achieved on the local LAN?
    Any help greatly appreciated :-)

    Hi Gilliano,
    Thanks for the correct link. I must say this is a very good article indeed; I read the entire article, and if you go to the 3rd part of this article, please note the text "DOMAINC.COM is configured as Internal Relay Accepted Domain on both the domains".
    This is exactly what I asked you to check. Personally, I understand the method described in this article will work, but it's very complex to manage and administer, while the easiest option is to configure internal relay in the first place, with no need to make so many DNS changes and customizations to your environment.
    The solution really depends on what your requirement is. Since you mentioned that you are migrating stuff over from source to destination, I feel this article is too complex for your situation and not really worth it (for your requirement). The setup described in the article is an excellent choice if you are planning to keep both forests alive for a longer duration due to several reasons like compliance or company mergers and so on...
    Please let me know if my explanation is not clear enough; we can even have a one-on-one email conversation too!
    All the best!
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. Regards, Siva

  • How to create Trust between two domain

    How to create a trust between two domains:
    please help

    Hi,
    By default, two-way, transitive trusts are automatically created when a new domain is added to a domain tree or forest root domain using the Active Directory Installation Wizard. The two default trust types are defined in the following table. However, there are many other types of AD trust; please refer to the following KB to determine which type you need:
    Trust types
    http://technet.microsoft.com/en-us/library/cc775736%28v=ws.10%29.aspx
    More relate KB:
    Creating Domain and Forest Trusts
    http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx
    The related third party article:
    How to configure Forest Level Trust in Windows Server
    http://blogs.interfacett.com/how-to-configure-forest-level-trust-in-windows-server
    *** This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet. ***
    Hope this helps.

  • Can I add a two way trusted but in different forest domain to My existing Lync 2013 Topology !

    Hi!
    We have an installed Lync 2013 Std Edt. setup and it's working perfectly for one domain. Our network infrastructure (LAN) is being shared with our sister company. They have their own forest and domain and a two-way trust relationship with our domain. I want to add them to our Lync 2013 topology; is it possible? If yes, then what are the requirements and which changes do I need to consider?
    Response from experts would be greatly appreciated. 

    Yes, you must establish a two-way trust between the central forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the central forest.
    Also you can refer below link
    http://technet.microsoft.com/en-us/library/gg670909%28v=ocs.14%29.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical

  • Authentication needed after doing trust between two different domains.

    Hi There,
    I have a problem with the trust relationship I created between two different domains in two different forests. In the trust relationship steps everything worked: two-way trust, external trust, stub zones created on both domains, and they are validated on both sides. My problem is with the objects: they can be retrieved from one side but not from the other. For instance:
    NY domain can get the users and computers of 2012DC1
    but 2012DC1 can't get the users and computers of NY
    Date and time are the same; I am always getting this error
    The session setup from computer '2012DC1' failed because the security database does not contain a trust account 'test.com.' referenced by the specified computer.  
    USER ACTION  
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'test.com.' is a legitimate machine account for the computer '2012DC1' then '2012DC1' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:
    If 'test.com.' is a legitimate machine account for the computer '2012DC1', then '2012DC1' should be rejoined to the domain.  
    If 'test.com.' is a legitimate interdomain trust account, then the trust should be recreated.  
    Otherwise, assuming that 'test.com.' is not a legitimate account, the following action should be taken on '2012DC1':  
    If '2012DC1' is a Domain Controller, then the trust associated with 'test.com.' should be deleted.  
    If '2012DC1' is not a Domain Controller, it should be disjoined from the domain.
    Can you please help me with this error?
    Thank You in advance.

    Hello,
    "The session setup from computer '2012DC1' failed because the security database does not contain a trust account 'test.com.' referenced by the specified computer. "
    This belongs to the machine 2012DC1 in test.com and not to the other domain from your trust. It seems to me that you are mixing up the trust with the problems of the machine 2012DC1 in test.com.
    In this error message 2012DC1 has lost the trust to its OWN domain, and therefore you have to find the reason. How exactly was this machine installed?
    Or was there a restore on that machine from not supported type of backup like image/clone/snapshot?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • How to Sync GAL between two forest

    Hi,
    I have Forest A with Exchange 2010 and Forest B with Exchange 2013. I want to establish a single global address list with FIM 2010. How can I do this? Is there a step by step guide? Do I need to establish a trust relationship?
    Thanks

    If you google for FIM and syncing the GAL you should find what you need. You don't need to establish a trust and you can get away without even setting up DNS, but it's better to at least have DNS between your FIM server and each of the servers you're connecting to. You can put FIM in either Forest or neither. The reason is that the Management Agents (or connectors) can authenticate from outside the domain. If you're using PCNS it gets more complicated though.

  • PeoplePicker not showing domain accounts from other forest in two way trust

    We recently moved from our old farm in domainA of forestA to a new farm in domainB of forestB. We also have an older farm in domainC in forestC. There is a two-way trust between all these forests. By default, the Peoplepicker-SearchADForests property is not set to anything, so it will only allow forestB accounts to be looked up from AD. But we want PeoplePicker to look up users from both domainA and domainB. I used the script below to update the settings.
    $wa = Get-SPWebApplication -Identity "https://webapp"
    $oldDomain = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $oldDomain.IsForest = $false
    $oldDomain.DomainName = "domainA"
    $wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($oldDomain)
    $wa.Update()
    $wa = Get-SPWebApplication -Identity "https://webapp"
    $newDomain = New-Object Microsoft.SharePoint.Administration.SPPeoplePickerSearchActiveDirectoryDomain
    $newDomain.IsForest = $false
    $newDomain.DomainName = "domainB"
    $wa.PeoplePickerSettings.SearchActiveDirectoryDomains.Add($newDomain)
    $wa.Update()
    For some reason, this doesn't work for domainA. Actually, it worked once before, but it stopped working at some point. PeoplePicker is only returning domainB accounts. If I add domainC using the above script, it works too, but not for domainB.
    So, my question is obvious: how do I make this work? I've searched for an answer a lot and went through all the troubleshooting there is, but could not resolve this permanently. Any help is appreciated.
    Thanks.

    Thanks Vladimir. I was able to run it finally in CMD. Here are the results (netstat listening-port output). Now I'm thinking that the ports are not open )) Trevor's app was probably checking the ports on the domain controller servers, though not sure.
