Install agent between trusted domain

I just installed the SCOM 2012 agent on a domain B server. The management server is located in Domain A. Both domains already have a two-way trust. After the agent was installed, the domain B server can't communicate with the SCOM management server. I checked that there is no firewall issue and set automatic approval for manually installed clients on the SCOM server. Please advise.

The only way is to install a Gateway server using a CA certificate in domain B to communicate with the MS server in domain A, and then have all agents in domain B report to the gateway server.
You may refer to the following blogs for how to deploy a gateway server in an untrusted domain:
http://systemcentering.blogspot.hk/2011/11/steps-for-deploying-scom-to-untrusted.html
http://jimmoldenhauer.blogspot.hk/2012/11/scom-2012-install-and-configure-gateway.html
http://scompanion.wordpress.com/2012/10/18/gateway-server-install-for-another-untrusted-domain/
Roger

Similar Messages

  • DPM 2012R2 - Unable to install agent on trusted domain

    Hi,
    I'm pretty sure I'm not the first to ask this question, but couldn't find the solution anywhere.
    Just completed the installation of DPM2012R2 and I'm trying to install\attach agents on the computers from the list.
    Every single computer is returning me the same error: 322,
    The following computers <computerame> were not found in Active Directory Domain Services, or they do not have a Windows Server operating system installed.
    Which is weird since I'm logged in as domain admin and was able to access all the hosts under my active directory domain with no problem.
    Any hints?

    Hi,
    A few things to try:
    1. Temporarily disable Windows Firewall between DPM and the target server.
    2. Try adding the credential that you use to push the DPM agent to each local server's Local Administrators group.
    3. On the DPM server, make sure it can resolve the FQDN of the target server and is able to ping it.
    4. Next, depending on your target server, you may need to install some prerequisite software/updates.
    Refer to
    Installing DPM Agent - http://technet.microsoft.com/en-us/library/hh758186.aspx
    Pre-req to install:- http://www.ms4u.info/2013/02/unable-to-deploy-dpm-2012-sp1-agent-to.html
    Lai (My blog:- http://www.ms4u.info)

  • DFS between Trusted Domains

    Layout:
    Domain A we will call fox.net
    Domain B we will call hound.net
    Domain A is a 2003 Domain with DFS roots on 2 servers. Both DFS roots are also Domain Controllers.
    Domain B is a 2003 Domain with no DFS.
    Domain A has an Outgoing, One-Way Trust, with Selective Authentication enabled to Domain B. This allows Domain B users to access resources within Domain A.
    I want users in Domain B to be able to access DFS in Domain A.
    I have enabled "Allowed to Authenticate" on the 2 DFS roots in Domain A for the users in Domain B.
    I have enabled "Allowed to Authenticate" on all other Domain Controllers in Domain A (for other reasons)
    I have configured the Share and Security permissions on the DFSRoots directory on the 2 DFS roots in Domain A to Read, List, Read & Execute.
    From a Domain B workstation, I get the following when I type:
    \\fox.net\ = I see Netlogon & Sysvol
    \\IP ADDRESS\ = I see Netlogon, Sysvol, & DFSShare, but when I double-click the DFSShare I get the below error message ****
    ****Error Message Reads: "\\IP ADDRESS\Share is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permisions.          Configuration information could not be read from the domain controller, either becouse the machine is unavailable, or access had been denied."
    I can open and navigate the Sysvol and Netlogon folders just fine.
    I want users in Domain B to be able to access DFS in Domain A.
    Thanks.

    Hi rollnpc,
    This seems unusual.
    We build a test environment on my side, and build like this:
    DomainA (contoso.local): Selective Authentication mode, Outgoing, One-Way Trust to DomainB.
    Grant C:\DFSRoot share with: DomainB\Domain Users full control, and set NTFS permission with Full control.
    DomainB (nwtrader.local): logon a user and can access to \\contoso.local\DFSRoot, and browse the DFS link under it.
    Can you please go through the steps on your accessing the \\DomainA\DFSRoot from DomainB? If the issue is still there, please describe your steps in detail, and meanwhile capture a screenshot of the error message for our reference.
    Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the screenshot and then give us the download address.
    Thanks.
    This posting is provided "AS IS" with no warranties, and confers no rights.

  • DPM 2010 agent installation on Domain Controller

    Hello all, recently I tried to install the agent from my DPM 2010 server onto a Win2K8 Domain controller which failed (used a Domain Admin's credentials for the install, and on trusted domain). I remember in DPM 2007 you needed to install the agent through command line. Can someone post up the correct steps to get a DPM 2010 agent installed to a DC?

    Same issue here.
    Pushing a DPM 2010 agent to a Windows 2008 DC fails with the error:
    ============
    You cannot install the protection agent on SV-MGMT-03.xxxxxx.nl because access to the computer has been denied.
    ============
    The DPM 2010 agent software is installed but DPM doesn't add the server. With an attach I can add the server but DPM 2010 cannot communicate with it.
    ===============
    Protection agent version: 3.0.7696.0
    Error: Data Protection Manager Error ID: 270
     The agent operation failed on sv-mgmt-03.xxxxx.nl because DPM could not communicate with the DPM protection agent. The computer may be protected by another DPM server, or the protection agent may have been uninstalled on the protected computer.
    If sv-mgmt-03.xxxxxxx.nl is a workgroup server, the password for the DPM user account could have been changed or may have expired.
    Recommended action: Check the following to troubleshoot this issue:
    1) If the agent is not installed on sv-mgmt-03.xxxxxxxxx.nl, run DpmAgentInstaller.exe with this DPM computer as a parameter. For details, see the DPM Deployment Guide.
    2) To attach the computer correctly to this DPM server, run the SetDpmServer tool on the protected computer.
    3) If the computer is protected by another DPM server, or if the protection agent has been uninstalled, remove the protected data sources on this computer from active protection. Then, remove the entry of this computer from the Agents tab in the Management task area.
    4) If sv-mgmt-03.xxxxxxxxx.nl is a workgroup server, run SetDpmServer with the -UpdatePassword flag on the protected computer and Update-NonDomainServerInfo.ps1 on the DPM server to update the password.
    5) If the DPM server and the protected computer are not in the same domain, ensure that there is a two-way trust setup between the two domains.
     If the computer is protected by another DPM server, or if the protection agent has been uninstalled, you can remove the record of the computer from this DPM server.
    ==============
    Does anyone have a solution for this?

  • SCOM Agent in Pending Management with two way trusted domain

    Hello Guys,
    I have two trusted domains, abc.com & xyz.com, with a two-way trust and forest-wide authentication enabled, and my SCOM 2012 R2 Management server is part of abc.com. There are multiple hosts which are part of domain xyz.com. When I push the agent from the SCOM console to a server, the agents get installed with a success message in the task pane, but my agents are now in Pending Management.
    For this I am getting Event ID 20002 (OpsMgr Connector) on the SCOM server with the following message: "A device at IP 10.1.1.6:54277 attempted to connect but could not be authenticated, and was rejected."
    And the below messages on the server where I am installing the agent:
    Event 20071 OpsMgr Connector
    The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server .  Check the event log on the server and on the agent for events which indicate a failure to authenticate.
    Event 21016 OpsMgr Connector
    OpsMgr was unable to set up a communications channel to SCOM.abc.com and there are no failover hosts.  Communication will resume when fabSCOM2.nmfab.loc is available and communication from this computer is allowed.
    Event 20070 OpsMgr Connector
    The OpsMgr Connector connected to SCOM.abc.com, but the connection was closed immediately after authentication occurred.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
    Need help to resolve this; can anyone help me?
    Thanks in advance.
    NM-BG

    Hi,
    Here I suspect an authentication issue.
    1. Could you please check if ports 88, 389 & 3268 are open between the client domain controller and the management server?
    2. If the ports are already open, collect netmon traces on both the client and the management server simultaneously and check if there are any Kerberos errors.
    Kind Regards,
    Naveen Kumar B
    ~Bommi

  • DPM Agent Not recognized as trusted domain agent

    Hello,
    I have an interesting problem. Running DPM 2012 SP1 and have a trust relationship set up between two domains, A and B. The DPM server is in domain A. The DPM server was backing up protected agents in domain B in both trusted and untrusted scenarios, since there were a handful of standalone servers. The standalone servers have now been joined to the domain, but DPM will not recognize the agents in the domain.
    Removed protection in DPM and uninstalled the agent on the servers, manually reinstalled the agents and used the -SetDPMServer command. Attached in DPM, but DPM doesn't show the agent associated with trusted domain B. When adding to a protection group, the servers are showing up under workgroup and not under domain B.
    Agent reports attached, but eventually backups error again with communication error event ID 318.
    Anyone seen this before or have any suggestions?
    Any assistance would be appreciated, need to get the server backed up!
    Thanks

    Hi,
    On the DPM Server, see if the machine name is listed under this registry key.
    HKLM\Software\Microsoft\Microsoft Data Protection Manager\Agent\2.0\NtlmAuthData\
    If so delete it, then try to add it to a PG.

  • Global Trust Between WebLogic Domains ?

    Hi there,
    Need clarification on "Global Trust between weblogic domains "
    My scenario :
    WebLogic Version installed                : 10.3.5.0
    Linux physical machines                     :  2
              x - machine
              y - machine
    Now, I've created new domain with AdminServer , and 2 managed servers on x-machine. And, 2 more managed servers on y-machine.
         x-machine --> AdminServer + 2 managed servers
         y-machine -->  2 managed servers
    Created a cluster for all the 4 managed servers.
    My question: though we have created 2 domains:
         Domain 1 - on x-machine, where we have Admin + 2 nodes
         Domain 2 - on y-machine, where we have 2 nodes
    Now, do we need to create/enable "Global trust" between these domains to communicate? And enable cross-domain security also? Is this required?
    Or in which situations do we need to enable trust between domains?
    Can someone explain this to me?
    Thanks

    Looking to this Oracle Doc >> http://docs.oracle.com/cd/E24329_01/web.1211/e24375/basics.htm#BRDGE128
    "Typical tasks required to manage a messaging bridge using the Administration Console include
    Creating a trusted security relationship. See "Configuring Domains for Inter-Domain Transactions" in Programming JTA for Oracle WebLogic Server"
    And, clicking the link to Configuring Domains for Inter-Domain Transactions, there's two types of communications:
    Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
    Intra-domain—The transaction communication is between servers participating in transactions within the same domain
    Check the rest of the doc to know how to configure each type, and apply the one that matches your case..
    Hope it helps
    Regards,
    Mohab

  • Getting Error The trust relationship between the primary domain and the trusted domain failed in SharePoint 2010

    Hi,
    A SharePoint 2010 backup has been taken from production and restored through Semantic Tool on one of the servers. The web application of which the backup was taken is working fine.
    But the problem is that SharePoint is not working correctly. We cannot create any new web application and cannot navigate to the ServiceApplications.aspx page; it shows an error. Even the Search and User Profile services of the existing web application are not working. Checking the SharePoint logs, I found the below exception:
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:55.54  mssearch.exe (0x0864)                    0x2B24 SharePoint Server Search       Propagation Manager          
     fo2s Medium   [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes)  [indexpropagator.cxx:1607]  d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx 
    11/30/2011 12:14:55.99  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     The SPPersistedObject with
    Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
    domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
    sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()    
    at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip... 
    11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
    persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) 
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     8xqx High     Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.   
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
    sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
    T denyRightsMask)     at Microsoft.SharePoint.Administrati... 
    11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()    
    at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
    id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
    currentVe...
    Please guide me on the above issue; this will be of great help.
    Thanks.

    I have the same error. Verified trust and ports, cleaned up the cache... nothing has helped.
    The problem is caused by User profile Synch Service:
    UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
    The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
    Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
    identifier, T grantRightsMask, T denyRigh...        
    08/23/2014 13:00:20.96*        w3wp.exe (0x2204)                      
            0x293C        SharePoint Portal Server              User Profiles                
            eh0u        Unexpected        ...tsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()     at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties()     at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
    Please let me know if you found any solution for this.
    Regards,
    Kunal  

  • One way trust relationship between different domain windows server 2012 in different forest

    I'd like to build a trust correctly between the domains A.local and B.int. A.local is on Windows 2012. B.int is on Windows 2012. Both machines are connected to the same LAN. The forest level on the A.local machine is Windows Server 2008 and the forest level in B.int is Windows Server 2012.
    I want a one-way trust relationship, i.e. users from A.local gain access to B.local.
    My problem is that I created the trust, but when I go to validate the trust between A.local and B.int it gives me this error:
     The secure channel (SC) reset on Active Directory Domain Controller \\dc2.B.int of domain B.int to domain A.Local failed with error: There are currently no logon servers available to service the logon request.
    NOTE: Recently I upgraded Active Directory from 2008 R2 to 2012. When I ping from A.local to B.int, it pings by name and IP, but from B.int it pings by IP only.
    ihab

    Hi,
    Yes, I already set up conditional forwarding between the 2 domains, and the firewall is off.
    ihab

  • What difference between a domain trust and a forest trust?

    What is the difference between a domain trust and a forest trust?

    Greetings!
    The answer is right on the question! :)
    I think it is best to distinguish properly between forest and domain. This article is a good one:
    What Are Domains and Forests?
    But in a nutshell, a forest trust is mostly used between two organizations. Suppose company A has a unique forest and company B has another unique forest as well; when they are merged they can simply create a forest trust between each other. This trust can be one-way or two-way depending on your needs.
    Domain trusts are between a single instance (domain) of a forest to another instance (domain) of another forest. It is worth mentioning that trust can be transitive as well.
    What Are Domain and Forest Trusts?
    I hope you got the answer.
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • How to create Trust between two domain

    How to create Trust between two domain:
    please help

    Hi,
    By default, two-way, transitive trusts are automatically created when a new domain is added to a domain tree or forest root domain using the Active Directory Installation Wizard. The two default trust types are defined in the following table. However, there are many other types of AD trust; please refer to the following KB to determine which type you need:
    Trust types
    http://technet.microsoft.com/en-us/library/cc775736%28v=ws.10%29.aspx
    More related KB:
    Creating Domain and Forest Trusts
    http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx
    The related third party article:
    How to configure Forest Level Trust in Windows Server
    http://blogs.interfacett.com/how-to-configure-forest-level-trust-in-windows-server
    *** This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control
    these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the
    use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet. ***
    Hope this helps.

  • Server 2012 R2 no longer able to query objects in a trusted domain over a Forest Trust using Selective Authentication

    I have a scenario in which our enterprise activation servers exist in a domain that is in a separate forest than our offices.  Currently all our domain controllers are 2008 R2 with domain and forest functional levels at 2008 R2.  We have set
    up two-way forest trusts with our office domains using selective authentication.  We then give the domain controllers from our licensing domain the "Allowed to Authenticate" right to the domain controllers in the office domain.  On the
    server 2008 R2 domain controllers in the office domain, we can browse to the appropriate objects in the licensing domain after being presented with an authentication window that allows us to enter credentials for the licensing domain.  However, after
    installing a 2012 R2 domain controller in an office domain, we can not use the 2012 domain controller to browse to the objects in the licensing domain.  It never asks for credentials for the licensing domain when we specify the objects we want to add
    from the licensing domain.  It simply states that the object can not be found.  When I look at the domain controller in the licensing domain, I see that the domain controller in the office domain is attempting to pass the credentials of the user that
    is logged on and this is failing since this user has no rights in the licensing domain.  I can still use a 2008 R2 domain controller in the office domain to add the rights and it works like it always has.  Can somebody tell me why this is happening
    and how to correct it?

    Hi,
    Based on my research, this is a known issue in Windows Server 2012 R2.
    According to the article below: “The Selective Authentication feature of selective trusts is
    not functional. Access to resources enabled by “Allowed to Authenticate” will fail. There is no workaround at this time”.
    Release Notes: Important Issues in Windows Server 2012 R2
    http://technet.microsoft.com/en-us/library/dn387077.aspx
    Best Regards,
    Amy Wang

  • DNS/LDAP Issue for Trusted Domain

    Hi
    I'm trying to configure  Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
    Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot
    Contact LDAP Server".
    I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
    When I check the log ADForestDisc.log I get this error message:
    "Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
    I have setup Conditional Forwarders in DNS in both domains.
    I have also read other forums about this issue and should have the answer:
    "This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
    "The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
    We are using Windows AD integrated DNS in both domains.
    I'm not so familiar with DNS configuration, so I would appreciate it if someone could tell me more specifically how to fix this.
    Thanks in advance

    Hi
    Thank you for your answer. This issue is solved. I had missed opening some ports in the router/firewall between the LANs.
    The status under Active Directory Forests is Succeeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as the CM server) and I can only see the IP address range for that LAN.
    I don't think this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found too during forest discovery when I've checked the options to create site and IP boundaries automatically?
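
The two checks raised in the threads above, reachability of ports 88, 389 and 3268 (the SCOM Pending Management thread) and resolution of the DC SRV records for the remote forest (the Configuration Manager forest discovery thread), combined into one diagnostic. This is an added example, not part of any forum post; the function name, its parameters and the `xyz.com` call in the final comment are illustrative assumptions.

```powershell
# Added example. Run from the management/site server that must reach the
# trusted domain. Function and parameter names are hypothetical.
function Test-TrustedDomainReachability {
    [CmdletBinding()]
    param(
        # DNS name of the trusted (remote) domain, e.g. the agent's domain.
        [Parameter(Mandatory = $true)]
        [string] $DomainName,

        # Ports named in the thread: 88 (Kerberos), 389 (LDAP), 3268 (global catalog).
        [int[]] $Ports = @(88, 389, 3268),

        # Per-connection timeout so a silently dropping firewall does not stall the run.
        [int] $TimeoutMs = 2000
    )

    # Step 1: the SRV lookup that DC location depends on.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    try {
        $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
    }
    catch {
        Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
        Write-Warning "Check conditional forwarders / DNS (port 53) before looking at the trust."
        return
    }

    if (-not $records) {
        Write-Warning "No SRV records returned for $srvName."
        return
    }

    # Step 2: TCP reachability of every advertised DC on every port.
    $dcs = $records | Select-Object -ExpandProperty NameTarget -Unique
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $client = New-Object System.Net.Sockets.TcpClient
            $open = $false
            try {
                $pending = $client.BeginConnect($dc, $port, $null, $null)
                # WaitOne returns $false on timeout; Connected confirms the handshake.
                $open = $pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
            }
            catch {
                $open = $false
            }
            finally {
                $client.Close()
            }

            [pscustomobject]@{
                DomainController = $dc
                Port             = $port
                Open             = $open
            }
        }
    }
}

# Example call (domain name taken from the SCOM thread above):
# Test-TrustedDomainReachability -DomainName 'xyz.com' | Format-Table -AutoSize
```

A DC that resolves but shows `Open = False` on 88 or 389 points at a firewall or routing gap rather than at the trust itself; a failed SRV lookup points at DNS.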

  • "following domains are not available" error - functionally trusted domains but with same NETBIOS dc computernames giving problems.

    For SCOM monitoring and user permissions I am trying to add the Action Account from HQ.local domain to some other domains like DOMAIN1.local, TEST1.local and TEST2.local. 
    (a trust persists between the domains and HQ.local, and DNS Conditional forwarders are configured to correctly resolve the FQDN DNS names).
    Problem is, when adding a user from the HQ.local domain to the Active Directory of the DC's SRVPDC01.DOMAIN1.local or SRVPDC01.TEST1.local domain I get an error:
    "The Active Directory Domain Controllers Required to find the selected objects in the following domains are not available:
    HQ.local
    Ensure the Active Directory Domain Controllers are available, and try to select the objects again."
    But when I try to do the same thing, so add user1 from HQ.local to the AD on TESTDC01.TEST2.local…. No error!
    The other way around, like adding users from DOMAIN1.local, TEST1.local or TEST2.local to the DC01.HQ.local Active directory… also no error!
    To make things even more strange, when I validate the trust with HQ.local… and then try to add user1.HQ.local -> No problem, but only for about 1 minute.. After that
    it doesn't recognize user1.HQ.local and only displays some CN=S-1-5... ID of the user. Also when trying to add a new user, I receive the error again.
    My guess is that the problem has something to do with the same NETBIOS names of the DC's (server 3 and 4). because authenticating users from HQ.local and TEST2.local
    doesn't give me errors and all other domains which have same DC names are giving errors. 
    (for testing purposes I set-up TESTDC01.TEST2.local with a different DC servername to see if the error persists, and it didn't).
    Overview of the servers and situation:
    - All server 3, 4 and 5 are on separate Vlan's and have no connectivity among each other. But they do have connectivity to the internet, the HQ.local domain and its servers
    DC01 and DC02.
    - same firewall settings for each vlan
    - even Server 4 and server 5 are on the same Vlan for testing purposes, just to make sure the firewall is not the problem.
    Server no.  DC FQDN name            Domain DNS name
    1           DC01.HQ.local           HQ.local
    2           DC02.HQ.local           HQ.local (secondary DNS)
    3           SRVPDC01.DOMAIN1.local  DOMAIN1.local
    4           SRVPDC01.TEST1.local    TEST1.local
    5           TESTDC01.TEST2.local    TEST2.local
    Two-Way Forest Trusts are configured without any problems but here's an overview when the error occurs.
    On SRVPDC01.DOMAIN1.local -> adding user1.HQ.local to the AD = error
    On DC01.HQ.local -> adding user1.DOMAIN1.local to the AD = no problem.
    On SRVPDC01.TEST1.local -> adding user1.HQ.local to the AD = error
    On DC01.HQ.local -> adding user1.TEST1.local to the AD = no problem.
    On TESTDC01.TEST2.local -> adding user1.HQ.local to the AD = no problem.
    On DC01.HQ.local -> adding user1.TEST2.local to the AD = no problem.
    What are my options to fix this? There must be more possibilities than renaming the DC names.
    And why does the problem only occur when adding users in Foreign domain ->from-> HQ.local and not HQ.local ->from-> Foreign domain? Because that's the only thing I really need: users from HQ.local having permissions in groups of the other domains… :(
    Any advice or help would be much appreciated. I've been struggling with this for a while now and I'm pretty much out of ideas.

    Hi aperelli,
    On srvpdc01.DOMAIN1.local
    nslookup
    set type=all
     _ldap._tcp.dc._msdcs.hq.local
    Result:
    C:\Windows\system32>nslookup
    DNS request timed out.
        timeout was 2 seconds.
    Default Server:  UnKnown
    Address:  ::1
    > set type=all
    > _ldap._TCP.DC._msdcs.HQ.local
    Server:  UnKnown
    Address:  ::1
    Non-authoritative answer:
    _ldap._TCP.DC._msdcs.HQ.local  SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = dc01.hq.local
    _ldap._TCP.DC._msdcs.HQ.local  SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = dc02.hq.local
    dc01.hq.local  internet address = 192.168.1.200
    dc02.hq.local  internet address = 192.168.1.201
    =======================
    On srvpdc01.TEST1.local
    nslookup
    set type=all
     _ldap._tcp.dc._msdcs.hq.local
    Result:
    C:\Windows\system32>nslookup
    DNS request timed out.
        timeout was 2 seconds.
    Default Server:  UnKnown
    Address:  ::1
    > set type=all
    > _ldap._TCP.DC._msdcs.HQ.local
    Server:  UnKnown
    Address:  ::1
    Non-authoritative answer:
    _ldap._TCP.DC._msdcs.HQ.local  SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = dc01.hq.local
    _ldap._TCP.DC._msdcs.HQ.local  SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = dc02.hq.local
    dc01.hq.local  internet address = 192.168.1.200
    dc02.hq.local  internet address = 192.168.1.201
    =======================
    On DC01.HQ.local
    nslookup
    set type=all
     _ldap._tcp.dc._msdcs.domain1.local
    Result:
    C:\Windows\system32>nslookup
    Default Server:  dc01.hq.local
    Address:  192.168.1.200
    > set type=all
    > _ldap._tcp.dc._msdcs.domain1.local
    Server:  dc01.hq.local
    Address:  192.168.1.200
    Non-authoritative answer:
    _ldap._tcp.dc._msdcs.domain1.local      SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = srvpdc01.domain1.local
    srvpdc01.domain1.local     internet address = 10.0.113.150
    =======================
    I have tested ports 3268 and 3269 with Port Query UI and the ports are listening on all DC servers.
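
The SRV lookup and port tests from the post above, combined into one script to run on the trusting DC; this is an added example, not part of the original thread. The domain name is taken from the thread; ports 88 and 445 in the list are an assumption about what a trust needs beyond the 389, 3268 and 3269 the thread mentions, and `Resolve-DnsName` and `Test-NetConnection` require Windows Server 2012 or later.

```powershell
# Added example: run on the DC that cannot resolve users from the trusted domain.
$TrustedDomain = 'HQ.local'          # domain name taken from the thread
$Ports = [ordered]@{                 # TCP ports checked per DC (88/445 are assumptions)
    Kerberos = 88
    LDAP     = 389
    SMB      = 445
    GC       = 3268
    GCSSL    = 3269
}

function Get-TrustedDomainDc {
    param([string]$Domain)
    # Same query the thread runs by hand with nslookup / set type=all.
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |          # drop the additional A records
        Select-Object -ExpandProperty NameTarget -Unique
}

function Test-DcReachability {
    param([string]$Domain, [System.Collections.IDictionary]$PortMap)
    foreach ($dc in Get-TrustedDomainDc -Domain $Domain) {
        foreach ($entry in $PortMap.GetEnumerator()) {
            # TCP connect test only; it does not prove the service answers correctly.
            $r = Test-NetConnection -ComputerName $dc -Port $entry.Value -WarningAction SilentlyContinue
            [pscustomobject]@{
                DC        = $dc
                Service   = $entry.Key
                Port      = $entry.Value
                Address   = $r.RemoteAddress
                Reachable = $r.TcpTestSucceeded
            }
        }
    }
}

$results = Test-DcReachability -Domain $TrustedDomain -PortMap $Ports
$results | Format-Table -AutoSize

# Any row listed here is a DC/port pair this server cannot reach.
$results | Where-Object { -not $_.Reachable } | Format-Table -AutoSize

# Show which DC the locator actually selects for the trusted domain.
nltest /dsgetdc:$TrustedDomain /force
```

Running it on each foreign DC and comparing the output side by side shows whether the failing domains differ from the working one in name resolution or in reachability.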

  • Cannot share documents with few users in one way trusted domain

    Hello
    I am running into a weird issue. I set up people picker in SP 2013 Foundation version to look up the users from one-way trusted domains, after which I started getting all the users from that domain in my intranet. I can also share or modify the permission of users being administrator. However, when I try to add 2 specific users as site collection administrator or try sharing a document, I get an error.
    I can look up their names, but when I try changing their permission or sharing a document with them, I get an error. It's weird because it is only with these two users. There is no difference from an Active Directory point of view between these and other users. Please help or suggest some troubleshooting steps.
    Regards,
    Hardik Bhilota.

    Hi Hardik,
    What was the error message when sharing documents with the two users?
    Please also check the ULS log for detailed error message which is located at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
    What is the permission of the two users in SharePoint site? Can they access the site?
    Please also run the two commands below to see if the issue still occurs:
    First, on every front-end Web server on a farm run this command:
    STSADM.exe -o setapppassword -password key
    Second, on a front-end Web server run this command:
    STSADM.exe -o setproperty -pn peoplepicker-searchadforests -pv domain:DnsName,user,password -url http://webapp
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support
