General discussion

Locked

Problems with Trust between NT and W2k

By jabo210 ·
I am attempting to setup trust relationships between an NT domain and a W2K domain, in preparation for migration. Whether using "netdom" or the user manager in NT, the following error is returned: "The trust relationship between the primary domain and the trusted domain failed."

MSKBs have been little help (# 128489, 158148, 186818, et al). Adding the new domain dc to the lmhosts file on the NT PDC did not help either. HKEY_LOCAL_MACHINE\SAM\SAM is empty.

What should I try next? (What else could prevent the trust relationship from succeeding?) Is there another way to setup the trusts?

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Problems with Trust between NT and W2k

by curlergirl In reply to Problems with Trust betwe ...

The order in which you do things is very important. Also, I have experienced situations where I had to do things twice on the NT end in order for them to work correctly on the Win2K end. My experience has been that it works best to first create the trust relationship on the trusted domain end and then on the trusting domain end. You may still get error messages while creating the relationship, but it may still hold. So, what I would do is, first, remove any relationships that aren't workingand start fresh. Then, go to the Win2K domain and create a "trusted domain" entry for the NT domain. Go to the NT PDC and create a "trusting domain" entry for the Win2K domain. Then, do the opposite for a two-way trust relationship. I've always used the GUI (User Manager for Domains in NT and Active Directory Domains and Trusts in Win2K) to establish the relationships. Once established, if either of the trusts fails, go to the NT domain and recreate the relationship from that end first. Ibelieve different MS articles will say different things, but I've found it to work best with a two-way relationship. Also, the Win2K domain has to be in native mode for this to work, so double-check that. If, in fact, you've NEVER successfully created any kind of trust relationship between the two domains, there could be a more basic problem, like something preventing the two domain controllers from communicating (i.e., cabling, TCP/IP routing, etc.). Hope this helps!

Collapse -

Problems with Trust between NT and W2k

by jabo210 In reply to Problems with Trust betwe ...

I cannot establish the trust relationship. From NT, "access denied."

As far as I can tell, TCP/IP is working fine. I can ping the new machine, using either the IP address or the computer name, from the old domain pdc. I can ping the new domain. I can access the new machine (on the new domain) from IE on the old pdc, using only the computer's netbios name, albeit it is very slow.

Collapse -

Problems with Trust between NT and W2k

by curlergirl In reply to Problems with Trust betwe ...

Followup to my previous answer - Try adding this registry entry on the NT PDC side:

HKEY_LOCAL_MACHINE | System | CurrentControlSet | Control | Lsa
TcpipClientSupport:REG_DWORD:0X1

(requires a reboot of the server to be effective)

Hope this helps!

Collapse -

Problems with Trust between NT and W2k

by jabo210 In reply to Problems with Trust betwe ...

Value has already been entered, and is set to 1. (Found this same tip in a MSKB)

This has been a really frustrating problem. Nothing in MSKB has helped and I haven't anyone who has had this same problem!

If you can think of anything else, please help.

Back to Windows Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums