Home | Troubleshooting |  Quick Setup  |  Cisco How to  |  Data Recovery  |  Forums   | Blog | IT Exam Practice | Services  | About Us | Chicagotech MVP  | Search  | Contact Us  |                 

 

Domain Trusts

Cross-Link Trusts
How to create Domain Trust in Windows 2008
One-Way Trusts

Transitive Trusts
Three types of domain trust relationships
Trusted relationship over VPN

Cross-Link Trusts

Cross-link trusts are used to increase performance. With cross-link trusts, a virtual trust-verification bridge is created within the tree or forest hierarchy, enabling faster trust relationship confirmations (or denials) to be achieved.

One-Way Trusts

One-way trusts are not transitive, so they define a trust relationship between only the involved domains, and they are not bidirectional. You can, however, create two separate one-way trust relationships (one in either direction) to create a two-way trust relationship. However, that none-transitive two-way trusts do not equate to a transitive trust. Note: 1) one-way trusts are often used when new trust relationships must be established with down-level domains, such as Windows NT 4 domains. 2) one-way trusts can be used if a trust relationship must be established between domains that are not in the same Windows 2000 or Windows Server 2003 forest.

Three types of domain trust relationships

In Windows Server 2000/2003, there are three types of trust relationships, each of which fills a certain need within the domain structure. They are: Transitive trusts, One-way trusts  and Cross-link trusts.

Transitive Trusts

Transitive trusts establish a trust relationship between two domains that is able to flow through to other domains,. For example, if domain A trusts domain B, and domain B trusts domain C, domain A inherently trusts domain C and vice versa.

Trusted relationship over VPN

Symptoms: when attempting to create trusted relationship between two domains over VPN, you may receive a message like these “Windows cannot find the domain controller for chicagotech.net” or  “The trust cannot be validated for the following reasons: The outgoing trust was successfully validated. The secure channel (SC) reset on the domain controller \\msmvp01\chicagotech.net of domain chicagotech.net to domain chicagotech.net failed with error: There are currently no logon server available to service the logon request.” 

Resolutions: 1) Make sure you have correct password for both domains.
2.  It could be the name resolution issue. Make sure you have correct the DNS or WINS settings.
3. Multihomed computer as DC with DNS and WINS may cause this problem.
4. One possible cause of this error is that you have run out of buffer space in the NetBT datagram buffer.

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.
 

 

 


Hit Counter   This web is provided "AS IS" with no warranties.
Copyright © 2002-2018 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.