External one way trust issue

asked 2022-06-22T19:37:55.37+00:00
Yankee30 206 Reputation points

Here’s the scenario

There’s a one way external trust already established where Dmz.com trusts Prod.com

Details about each domain:

DMZ.com (6 DCs)
Site1 - 4 RWDC
Site2 - 2 RODC

Prod.com
Site1 - 2 RWDC
Site2 - 4 RWDC

Now when we log in to a member server from DMZ.com using Prod\UserA, it takes forever to log in, but eventually it does log in.

After I’m logged in with Prod\UserA:

If I try to run gpresult /r, it takes forever and doesn't give output for user GPOs.

If I run nltest /dsgetdc:prod.com, that also errors out with “ERROR_NO_SUCH_DOMAIN”.

This is not a new setup; it has been there for a long time, but I believe there’s some issue in between and I can’t work out what it could be.

What things can we look for that you think could be causing the slow login and the above errors with this external trust?


2 answers

  1. answered 2022-06-22T22:55:16.947+00:00
    Alfredo Revilla (MSFT) 15,571 Reputation points Microsoft Employee

    Hello @Yankee30 , the ERROR_NO_SUCH_DOMAIN could be caused by several things, beginning with DNS issues. Please ensure:

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.


  2. answered 2022-06-24T15:03:31.73+00:00
    Limitless Technology 37,291 Reputation points

    Hi there,

    Are you having replication issues?

    Check if the name suffix routing is correct on both domains and if both show routing as "enabled".

    Make sure that the workstation names are all unique. If two or more workstations have the same name, they will work fine until the first one's password expires and resets it, and then the other workstations are using an old password.

    Cross Forest Trust with one-way domain trust issue https://social.technet.microsoft.com/Forums/windowsserver/en-US/1ed40c8b-1e60-4296-8f35-3af66c0efe8c/cross-forest-trust-with-one-way-domain-trust-issue?forum=winserverDS

    AD One Way External Trust - Slow authentication with around 30 seconds delay https://social.technet.microsoft.com/Forums/ie/en-US/efa57ee3-9bdb-48fb-a5db-7421e096ef27/ad-one-way-external-trust-slow-authentication-with-around-30-seconds-delay?forum=winserverDS

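Added example, not part of either answer above: a PowerShell check to run on the dmz.com member server that follows up the DNS point from the first answer by resolving the DC locator SRV record for prod.com and timing a TCP connection to each returned DC. The port list (88, 135, 389, 445) and the `/force` rediscovery are assumptions about what to test; a DC that DNS returns but that times out from the DMZ shows up as `Open = False` with a long `Seconds` value.

```powershell
# Added diagnostic sketch (not from the original thread).
$TrustedDomain = 'prod.com'   # trusted domain named in the question
# Assumed set of ports a member server needs towards a trusted-domain DC.
$Ports = @{ 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'; 445 = 'SMB' }

function Get-DcLocatorRecords {
    param([string]$Domain)
    # Domain-wide DC locator record queried during DC discovery.
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
            Where-Object QueryType -eq 'SRV'
    } catch {
        # A failure here matches the DNS cause suggested for ERROR_NO_SUCH_DOMAIN.
        Write-Warning "SRV lookup for $name failed: $($_.Exception.Message)"
        @()
    }
}

function Test-DcReachability {
    param([string]$Domain)
    foreach ($srv in Get-DcLocatorRecords -Domain $Domain) {
        foreach ($port in ($Ports.Keys | Sort-Object)) {
            $sw = [System.Diagnostics.Stopwatch]::StartNew()
            $r  = Test-NetConnection -ComputerName $srv.NameTarget -Port $port `
                      -WarningAction SilentlyContinue
            $sw.Stop()
            [pscustomobject]@{
                DC      = $srv.NameTarget
                Port    = $port
                Service = $Ports[$port]
                Open    = $r.TcpTestSucceeded
                Seconds = [math]::Round($sw.Elapsed.TotalSeconds, 1)
            }
        }
    }
}

$results = @(Test-DcReachability -Domain $TrustedDomain)
if ($results.Count -eq 0) {
    Write-Warning "No DCs for $TrustedDomain were returned by DNS from this server."
}
$results | Format-Table -AutoSize

# Repeat the discovery from the question, bypassing the cached DC.
nltest "/dsgetdc:$TrustedDomain" /force
```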