Ask the Expert

Setting up a trust between two remote locations

My office is located in Barbados and the remote site is in Canada. Both offices are running Windows 2000 Server and Professional for the clients. I have a Netscreen firewall that was used on both ends to configure the tunnel, which is up and running. I can ping both ends of the tunnel successfully by IP address but not by name. I have the firewall allocating the IP addresses to my clients. Hence, it is my DHCP server. I have installed the DNS Active Directory integration. I have forwarders set up to get onto the Internet. I am trying to set up a trust relationship between the two offices, but the error is that the "domain cannot be contacted." From reading various articles on the Internet, I've found that in order for a trust to work between two remote locations, the DNS must be set up so that the servers in each forest can resolve names of the servers in the trust of the other forest. I am not sure how to go about doing this in DNS.

I am unclear as to how to proceed. Please help. If you need any more information please do not hesitate to ask. Thanks.


I assume that there is a DNS server in Canada. What you can do is make the Canadian server's DNS host a copy of the Barbados DNS zone and vice versa. You go into the DNS console and create a secondary zone with the name of the zone in Canada (if you are on the Barbados server). Then you tell it that the primary server is at IP address x.x.x.x (whatever the DNS server in Canada is). The Barbados server will then copy the DNS information from Canada. Repeat the process in Canada for the Barbados DNS zone. Then, you will be able to see all of the information about the other system and establish a trust. I am assuming that the pipe between the two firewalls is not limited in any way (as in not allowing certain traffic between the two sites).

This was first published in February 2003
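
The secondary-zone setup described in the answer, as an added example that is not part of the original answer: it uses `dnscmd` (from the Windows Support Tools) rather than the DNS console, and the zone names and IP addresses are placeholders to replace with each site's own values. It also limits zone transfers on the local primary to the other site's DNS server and checks that the remote domain controller records resolve.

```bat
@echo off
rem Added example, shown as run on the Barbados DNS server.
rem Placeholders (assumptions, not values from the page):
rem   barbados.example  = DNS zone of the Barbados domain
rem   canada.example    = DNS zone of the Canada domain
rem   10.2.0.10         = DNS server in Canada
rem Requires dnscmd.exe from the Windows Support Tools.
rem In Canada, swap the two zone names and use the Barbados DNS server IP.

set LOCAL_ZONE=barbados.example
set REMOTE_ZONE=canada.example
set REMOTE_DNS=10.2.0.10

rem 1. Allow transfers of the local zone only to the other site's
rem    DNS server, not to any host that asks for a copy.
dnscmd /ZoneResetSecondaries %LOCAL_ZONE% /SecureList %REMOTE_DNS%
if errorlevel 1 goto fail

rem 2. Create a secondary zone for the remote domain, with the
rem    remote DNS server as its master.
dnscmd /ZoneAdd %REMOTE_ZONE% /Secondary %REMOTE_DNS%
if errorlevel 1 goto fail

rem 3. Request the transfer now. It only succeeds once step 1 has been
rem    run on the remote server and TCP port 53 is allowed through
rem    the tunnel in both directions.
dnscmd /ZoneRefresh %REMOTE_ZONE%

rem 4. Confirm that the local server can now locate the remote
rem    domain controllers, which the trust setup depends on.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%REMOTE_ZONE% 127.0.0.1
goto end

:fail
echo dnscmd failed. Check the zone name, the server IP and your permissions.

:end
```

If step 4 returns no SRV records, check the secondary zone's transfer status in the DNS console before retrying the trust.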
