Windows domain forest trust issue

Gong, Allen 95 Reputation points
2024-07-11T09:32:14.9366667+00:00

I am trying to set up a domain forest on my Windows machines. I can do it successfully and can list the domain users from the other trusted domain, but several minutes later it does not work any more:

Then I checked the properties of this domain trust, and it says "can not find an Active Directory Domain Controller":

Why does this error happen? Thanks.


Accepted answer
  1. Daisy Zhou 25,446 Reputation points Microsoft Vendor
    2024-07-11T10:47:25.4166667+00:00

    Hello Gong, Allen,
    Thank you for posting in Q&A forum.

    The error message usually indicates a connectivity or configuration issue between the Active Directory (AD) domains involved in the forest trust.

    Here are a few steps you can take to troubleshoot this issue:

    1. Check Network Connectivity

    • Ensure that the network connection between the domains is reliable and there are no firewall blocks or network issues preventing communication.
    • Use the ping command to verify you can reach the domain controller in the other domain.

    For example:

    ping the domain name of the other domain (such as, ping domain.com)

    ping IP address of the Domain Controller in the other domain

    ping the FQDN of the DC in the other domain (such as, ping DCName.domain.com)

    2. DNS Configuration

    • Verify that the DNS settings are correctly configured for both domains. Each domain should be able to resolve the DNS names of domain controllers in the other domain.
    • Ensure that the DNS server has the necessary forwarders or conditional forwarders configured.

    3. Active Directory Sites and Services

    • Ensure that site links and replication are properly configured in Active Directory Sites and Services.
    • Make sure that the domain controllers are correctly placed in their respective sites.

    4. Domain Controller Availability

    • Verify that the domain controllers in the other domain are up and running.
    • Check the event logs on the domain controllers for any errors or warnings that might indicate why they are not being found.

    5. DNS Records

    • Ensure that the necessary service records (SRV records) exist in DNS for the other domain.

    6. Trust Configuration

    • Confirm that the trust relationship between the domains is correctly configured in Active Directory Domains and Trusts.
    • Try removing and re-adding the trust relationship if necessary.

    7. Firewall and Ports

    • Ensure that the necessary ports for AD communications are open. Some common ports include 53 (DNS), 88 (Kerberos), 135 (RPC), 389 (LDAP), 445 (SMB), and others.

    How to configure a firewall for Active Directory domains and trusts

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/config-firewall-for-ad-domains-and-trusts

    8. Time Synchronization

    • Ensure that the system clocks on both domains are synchronized. Significant time differences can cause trust issues.

    After checking these areas, try validating the forest trust again.

    9. Check whether someone has made any changes in this domain and the other domain during the several minutes.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
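
The DNS, port, DC locator and time checks from the steps above, collected into one PowerShell script to run on a domain controller in the trusting domain. This is an added example, not part of the original answer; `trusted.example` is a placeholder domain name, `Test-TrustPath` is a hypothetical helper name, and the port 53 check assumes the remote domain controllers also host DNS.

```powershell
# Added example. 'trusted.example' is a placeholder: pass the other forest's DNS name.
param(
    [string]$TrustedDomain = 'trusted.example',
    [int[]]$Ports = @(53, 88, 135, 389, 445)   # TCP ports named in step 7
)

function Test-TrustPath {   # hypothetical helper name
    param([string]$Domain, [int[]]$Ports)

    # Steps 2 and 5: the DC locator needs this SRV record to resolve.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup failed for ${srvName}: $($_.Exception.Message)"
        return
    }

    # Steps 1 and 7: TCP reachability of every advertised DC on each port.
    foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
        foreach ($port in $Ports) {
            $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                Time      = Get-Date -Format s
                DC        = $dc
                Port      = $port
                Address   = $r.RemoteAddress
                Reachable = $r.TcpTestSucceeded
            }
        }
    }
}

$results = @(Test-TrustPath -Domain $TrustedDomain -Ports $Ports)
$results | Format-Table -AutoSize

# Step 4: ask the DC locator which DC it finds for the trusted domain.
nltest "/dsgetdc:$TrustedDomain"

# Step 8: clock offset between this machine and each DC that was found.
foreach ($dc in ($results.DC | Sort-Object -Unique)) {
    if ($dc) { w32tm /stripchart "/computer:$dc" /samples:1 /dataonly }
}
```

Because the trust worked at first and failed several minutes later, run the script once while the trust works and again when the error appears, then compare the two tables.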


4 additional answers

  1. RobertRicks-0663 5 Reputation points
    2024-07-23T09:20:02.8333333+00:00

    Identify the Error Message: Note down the exact error message you’re seeing. This can provide clues about what might be going wrong.

    Verify File Integrity: Check if the file in question matches the expected hash values in the block map file. This can help you determine if the file is corrupted.

    Rebuild the Package: If you have access to the source files, try rebuilding the application package. This can help resolve issues related to corrupted or missing files.

    Check for Updates: Ensure that you have the latest version of the application package. Sometimes, errors can be resolved by updating to the latest version.

    Review Logs: Look at the installation or update logs for any specific error messages. These logs can provide valuable information about what went wrong and how to fix it.

    Consult Documentation: Refer to the official documentation for the application or the packaging tool you’re using. There may be specific troubleshooting steps or known issues that can help you resolve the error.


  2. RobertRicks-0663 5 Reputation points
    2024-07-23T09:21:28.7166667+00:00

    import base64
    import hashlib
    import xml.etree.ElementTree as ET

    # Parse the BlockMap file
    tree = ET.parse('BlockMap.xml')
    root = tree.getroot()

    # Define the hash method
    hash_method = hashlib.sha256

    # Iterate through each file in the BlockMap
    # ('{*}' matches the element with or without an XML namespace; Python 3.8+)
    for file in root.findall('.//{*}File'):
        file_name = file.get('Name')
        file_size = int(file.get('Size'))

        # Open the file and read its content
        with open(file_name, 'rb') as f:
            file_content = f.read()

        # A length that differs from the recorded size is already a mismatch
        if len(file_content) != file_size:
            print(f"Size mismatch for file {file_name}")

        # Iterate through each block in the file
        for block in file.findall('.//{*}Block'):
            block_size = int(block.get('Size'))
            # The Hash attribute is text; this assumes it is base64-encoded,
            # so decode it to raw bytes before comparing with the digest
            block_hash = base64.b64decode(block.get('Hash'))

            # Compute the hash for the block
            block_content = file_content[:block_size]
            computed_hash = hash_method(block_content).digest()

            # Compare the computed hash with the expected hash (bytes to bytes)
            if computed_hash != block_hash:
                print(f"Integrity check failed for block in file {file_name}")
            else:
                print(f"Block integrity verified for file {file_name}")

            # Move to the next block
            file_content = file_content[block_size:]
    

  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  4. RobertRicks-0663 5 Reputation points
    2024-07-23T09:28:19.35+00:00

    During one of the deployments, the automated integrity checks detected a mismatch in the hash values of one of the application packages. This indicated that the package had been tampered with. The deployment was halted, and the issue was investigated. It was discovered that a malicious actor had attempted to inject harmful code into the package.

    Thanks to the automated integrity checks, the team was able to prevent the compromised package from being deployed, thereby protecting the integrity and security of the banking application.

    This example highlights the importance of automated integrity checks in ensuring the security and reliability of software deployments. By integrating these checks into the CI/CD pipeline, the team was able to detect and prevent potential security breaches before they could cause any harm.

