Setting up a trust between two remote locations
My office is located in Barbados and the remote site is in Canada. Both offices are running Windows 2000 Server and Professional for the clients. I have a Netscreen firewall that was used on both ends to configure the tunnel, which is up and running. I can ping both ends of the tunnel successfully by IP address but not by name. I have the firewall allocating the IP addresses to my clients. Hence, it is my DHCP server. I have installed the DNS Active Directory integration. I have forwarders set up to get onto the Internet. I am trying to set up a trust relationship between the two offices, but the error is that the "domain cannot be contacted." From reading various articles on the Internet, I've found that in order for a trust to work between two remote locations, the DNS must be set up so that the servers in each forest can resolve names of the servers in the trust of the other forest. I am not sure how to go about doing this in DNS.
I am unclear as to how to proceed. Please help. If you need any more information please do not hesitate to ask. Thanks.
I assume that there is a DNS server in Canada. What you can do is make the Canadian server's DNS host a copy of the Barbados DNS zone and vice versa. You go into the DNS console and create a secondary zone with the name of the zone in Canada (if you are on the Barbados server). Then you tell it that the primary server is at IP address x.x.x.x (whatever the DNS server in Canada is). The Barbados server will then copy the DNS information from Canada. Repeat the process in Canada for the Barbados DNS zone. Then, you will be able to see all of the information about the other system and establish a trust. I am assuming that the pipe between the two firewalls is not limited in any way (as in not allowing certain traffic between the two sites).
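The secondary-zone setup described in the answer, as a command-line sketch for the Barbados DNS server. This is an added example, not part of the original answer. It assumes `dnscmd` from the Windows Support Tools is installed and that each DNS zone has the same name as its Active Directory domain. The zone names and the IP address are constructed placeholders.

```batch
@echo off
rem Added example, run on the Barbados DNS server.
rem All three values below are constructed placeholders.
setlocal
set LOCAL_ZONE=barbados.example.local
set REMOTE_ZONE=canada.example.local
set REMOTE_DNS=192.0.2.10

rem 1. Permit zone transfers of the local zone to the Canadian DNS server
rem    only, rather than to any host that asks for a copy of the zone.
dnscmd . /ZoneResetSecondaries %LOCAL_ZONE% /SecureList %REMOTE_DNS%
if errorlevel 1 goto fail

rem 2. Host a secondary (read-only) copy of the Canadian zone, with the
rem    Canadian DNS server as its master.
dnscmd . /ZoneAdd %REMOTE_ZONE% /Secondary %REMOTE_DNS%
if errorlevel 1 goto fail

rem 3. Ask for a transfer now instead of waiting for the refresh interval.
rem    This only succeeds once Canada allows transfers to this server
rem    (step 1 run there with the values swapped).
dnscmd . /ZoneRefresh %REMOTE_ZONE%

rem 4. Confirm this server can now answer the SRV lookup used to locate
rem    a domain controller for the remote domain.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%REMOTE_ZONE% 127.0.0.1 | find /i "svr hostname" >nul
if errorlevel 1 goto notready

echo Remote domain controllers resolve through the local DNS server.
goto end

:notready
echo No SRV records yet for %REMOTE_ZONE%. Check that the remote server
echo allows transfers to this host and that TCP and UDP port 53 pass
echo through the tunnel in both directions.
goto end

:fail
echo dnscmd reported an error. Check the zone name and the DNS service.

:end
endlocal
```

Run the same script on the Canadian server with the zone names swapped and `REMOTE_DNS` set to the Barbados DNS server's address.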
This was first published in February 2003