Domain Trusts

[Andy White]

Sorry if this has been posted in the wrong group, not sure which group to
put it in.

We are trying to create a one way domain trust with one of our other
companies and I'm having a problem with it. we are using an NT4 pdc from our
domain and a W2K3 PDCe in the other domain. We want to give them access to
some files in our domain and as understand it that means our domain
(domain1) is the resource domain and theirs is the master domain (domain2)

when I use nltest /sc_query:domain2 from the pdc in domain1 I keep getting
"1787 ERROR_NO_SAM_TRUST_ACCOUNT."

When I try to create the trust I always get that "the trust relationship
between the primary domain and the trusted domain failed" error message.

I'm missing something that will make it all hang together but I don't know
what

I have read and followed the following KB articles but to no avail:-

175025
158148
228477
102725
180099
830578
181171
178640
180094
325874
150800
889030
185786
150737
139380
168076

I know some of these are not relevant to the problem but it lets you know
the kind of info I have been looking at to resolve the problem

Thanks in advance for any help

 

[Kurt]

Sorry if this has been posted in the wrong group, not sure which group to
put it in.

We are trying to create a one way domain trust with one of our other
companies and I'm having a problem with it. we are using an NT4 pdc from our
domain and a W2K3 PDCe in the other domain. We want to give them access to
some files in our domain and as understand it that means our domain
(domain1) is the resource domain and theirs is the master domain (domain2)

when I use nltest /sc_query:domain2 from the pdc in domain1 I keep getting
"1787 ERROR_NO_SAM_TRUST_ACCOUNT."

When I try to create the trust I always get that "the trust relationship
between the primary domain and the trusted domain failed" error message.

I'm missing something that will make it all hang together but I don't know
what

I have read and followed the following KB articles but to no avail:-

175025
158148
228477
102725
180099
830578
181171
178640
180094
325874
150800
889030
185786
150737
139380
168076

I know some of these are not relevant to the problem but it lets you know
the kind of info I have been looking at to resolve the problem

Thanks in advance for any help

NT4? Really? The terms "Master domain" and "Resource domain" went out
with NT4. I can't even remember how to set up a trust in NT4, but in a
one-way trust, the "trusted" domain is the domain that will be allowed
to access resources. The "Trusting" domain is the one that will be
sharing something.

....kurt

 

[Roger Abell [MVP]]

I am not familiar with the KB list you cite, so this may be covered.
The uplevel domain must have its security posture lowered significantly
in order to allow a trust with an NT4, beginning with the Pre-Windows
2000 Compatibility mode, on through NTLM level and signing requirements.
Have those all been covered?? Or, more amazingly, are those running the
uplevel AD willing to do what is needed to open up their armor?

 

[Andy White]

Thanks for the info Roger

I have the relevant KB in my list but dismissed it thinking the problem was
on the NT side.

I've passed the info to one of our guys in the other site and he is going to
look at it and work through it

Hopefully that will solve the issue