The Ghost Console (Server) doesn't have the same DNS servers as the I-Training domain.
That's likely to cause problems. Active Directory, and everything related to it (including the Microsoft-provide API sets that we need to use to work with AD), is
extremely sensitive to DNS configuration.
Just as background, the way the GSS console has always done domain joining is by having the server precreate the domain account for the client machine, and then asks the client to complete it. The point of doing things this way is that it means that the GSS server
never exposes any administrative-level account credentials to the client machines.
[ Remember that when you manually join a machine to a domain, you're entering highly powerful account credentials into a client machine. That's fine when you're sitting at it because you as a human administrator are making a very important trust decision about the machine when you choose to type that sensitive data into it.
For something that automates this process like GSS, spraying around credentials around networks in plain text would be a really,
really bad idea. Although we would like to let the clients do the joining because Microsoft are in effect starting to mandate that things work that way, in order for that process to be safe we have to carefully build up a system where the GSS console requires the clients to prove their identity to it, in addition to the way that the clients require the console to prove its identity to them. ]
So as a result, the console machine current needs to work with the domain controllers to preconstruct the account for the clients, and it is unfortunately the case that it also means that the console machine requires access to the appropriate DNS entries used behind the scenes by the Active Directory system. Otherwise, the APIs we call to do the work simply don't work.
Now, the innards of DNS configuration for Active Directory is a topic that would cover a book by itself, but short of that (assuming you're using the default Active Directory integrated DNS server support in each domain) the simplest thing you should try is giving your console machine access to the DNS servers for both domains.
For Windows XP and 2003, if you examine the GSS server's network connection properties in the control panel, for a network connection the "Internet Protocol (TCP/IP)" item has the properties for DNS. Open the properties for that item, and you can manually configure
multiple DNS servers so that one machine is willing to consult the DNS server in both domains. This way, when the GSS server tries to manipulate the secondary domain, all the DNS entries that need to be in place are visible to the machine and the API calls it makes should hopefully start working.