External one way trust issue

Yankee30 206 Reputation points
2022-06-22T19:37:55.37+00:00

Here’s the scenario

There’s a one way external trust already established where Dmz.com trusts Prod.com

Details about each domain:
DMZ.com(6DC’s)
Site1 - 4RWDC
Site2 - 2RODC

Prod.com

Site1 - 2RWDC
Site2 - 4RWDC

Now when we login to a member server from DMZ.com using Prod\UserA. It takes forever to login but eventually it does log in.

After I’m logged with Prod\User A and :-

If i try to gpresult /r, it takes forever and doesn't give output for user gpo’s.

If i run nltest /dsgetdc:prod.com and now that also errors out as “ ERROR_NO_SUCH_DOMAIN”

This is not a new setup, been there since long but I believe there’s some issue in between but can’t get what it could be?

What all things can we look for that you think could be causing the issue with this external trust slow login and above errors?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,035 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,802 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,299 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. 2022-06-22T22:55:16.947+00:00

    Hello @Yankee30 , the ERROR_NO_SUCH_DOMAIN could be caused by several things, beginning with DNS issues. Please ensure:

    Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.


  2. Limitless Technology 39,331 Reputation points
    2022-06-24T15:03:31.73+00:00

    Hi there,

    Are you having replication issues?

    Check if the name suffix routing is correct on both domains and if both show routing as "enabled"

    Make sure that the workstation names are all unique. If two or more workstations have the same name they will work fine until the first one's password expires and resets it and then the other workstations are now using an old password.

    Cross Forest Trust with one-way domain trust issue https:// social.technet.microsoft.com/Forums/windowsserver/en-US/1ed40c8b-1e60-4296-8f35-3af66c0efe8c/cross-forest-trust-with-one-way-domain-trust-issue?forum=winserverDS

    AD One Way External Trust - Slow authentication with around 30 seconds delay https:// social.technet.microsoft.com/Forums/ie/en-US/efa57ee3-9bdb-48fb-a5db-7421e096ef27/ad-one-way-external-trust-slow-authentication-with-around-30-seconds-delay?forum=winserverDS

    -----------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

    0 comments No comments