Creating an External Trust between W2K & W2K3 forests (10.10.5.0 and 192.168.10.0) via ISA 2000

Good afernoon.

I have two separate forests that I am attempting to create an external trust
relationship between, one is running W2K (Native Mode) and the other is
running W2K3 (Server 2003).

The W2K forest is running on the 10.10.5.x network and the W2K3 forest is
running on the 192.168.10.x network. The W2k forest is protected by ISA
2000 and the W2k3 forest is protected by a WatchGuard firewall. So far, I
have managed to create the external trust for the W2K3 forest, as I have
been able to configure the DNS server within this forest to allow forwarding
to the W2K forest as I am able to ping both IP addresses as well as
hostnames in the W2K forest from the W2K3 forest, but not the other way.

From what I can see everything is working from the W2K3 forest, but I need
to make a change in the W2K forest on both the ISA server and the DNS
server. Does this make sense to anybody?

If you are able to assist, I would be most appreciative.

Many thanks,

 

And the answer is WINS Server
(or correct configuration of WINS server or clients.)

Almost always...

External trusts require NetBIOS name resolution.

You have more than one subnet/network.

NetBIOS resolution across routers doesn't work
by broadcasts so WINS server is a practical necessity.

All machines must be clients of the WINS server,
actually of the SAME WINS "database".

This includes "servers" as well. And it means that
if you have multiple WINS servers they must replicate.

It is also possible you are blocking the NetBIOS
requests across the firewalls.

It's a NetBIOS issue.