Win2k and WinNT domain trust issue

Guest

Hi,

I have established a two way trust relationship with my Domain (Win2k) and
an external (WinNT) domain.

My Win2k domain contains 2 DCs and is a child domain in a forest.

DC1: PDC Emulator\RID Pool\GC

DC2: Infrastructure Master

These are the steps performed..

On Win2k end

- In AD Domains and Trusts under properties of Win2k domain Trusts Tab add
trusted domain (WinNT) under the "Domains trusted by this domain" section.
Set password

the following message appears..
Active Directory cannot verify the trust.
If the other side of the trust relationship doesn't exist yet, you must
create it.
If the passwords for both sides of the trust relationship don't match, you
must remove this trust and re-create it using the correct password.
The error returned was: The security database on the server does not have a
computer account for this workstation trust relationship.

On WinNt end

- In User Manager for Domains on the Policies menu, click Trust
Relationships add Trusting Domain (Win2k) to the Trusting Domains box. Set
password which was set on 2K end

On WinNt end

- In User Manager for Domains on the Policies menu Trust Relationships add
Win2k domain to the Trusted Domains box. type password for the trust.

the following message appears ...
The trust relationship could not be verified at this time. If you find that
it was not established, contact the administrator of the Windows 2000-based
domain name domain and verify that it includes Windows NT-based domain name
on its list of trusting domains.

On Win2K end

- In AD Domains and Trusts under properties of Win2k domain Trusts Tab add
trusted domain (WinNT) under the "Domains that trust this domain" section.
Set password


After establishing the two way trust I cannot access the NT domain from
Windows 2000 from the Security permissions dialog box comes up with this
error...


(Cannot display objects from this location because of this error:

The trust relationship between the primary domain and trusted domain failed.)

Cannot access from the NT Domain as well.

Tried \\servername for the NT PDC does not connect..

These are some events logged on the DC1

Source: Netlogon

Event Id: 5722

The session setup from the computer failed to authenticate. The name of the
account referenced in the security database is . The following error
occurred:
Access is denied.

------------------------------------------------------------------------------------------
Source: Netlogon

Event Id: 3210

Failed to authenticate with a Windows NT or Windows 2000 domain controller
for domain.

---------------------------------------------------------------------------------------

Source: Netlogon

Event Id: 5778

'' tried to determine its site by looking up its IP address ('') in the
Configuration\Sites\Subnets container in the DS. No subnet matched the IP
address. Consider adding a subnet object for this IP address.

---------------------------------------------------------------------------------------------

Source: Netlogon

Event Id: 3210

Failed to authenticate with \\ , a Windows NT or Windows 2000 domain
controller for domain .

----------------------------------------------------------------------------------------------

Source: Netlogon

Event Id: 5721

The session setup to the Windows NT or Windows 2000 Domain Controller
<Unknown> for the domain failed because the Domain Controller does not have
an account for the computer

Do I need to perform some additional steps for the two domains to talk to
each other? Please help, it would be really appreciated.

xor
 
Jorge_de_Almeida_Pinto

It looks like there is something wrong with the machine account from DC1.

What does "DCDIAG /V" say on DC1?

See:
http://www.eventid.net/display.asp?eventid=5721&eventno=674&source=NETLOGON&phase=1

http://www.eventid.net/display.asp?eventid=5722&eventno=105&source=NETLOGON&phase=1

see www.eventid.net for the other events
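
An added example, not part of the thread: a small triage over Netlogon events pasted in the layout used in the question, separating the secure-channel authentication failures (5721, 5722, 3210) from the site/subnet lookup warning (5778). The sample text is constructed, and the category names and grouping are this example's assumption, based only on the message texts quoted above.

```python
import re
from collections import Counter
# Constructed sample in the "Source / Event Id / message / dashed rule" layout of the post.
SAMPLE = """\
Source: Netlogon
Event Id: 5722
The session setup from the computer failed to authenticate.
Access is denied.
----------------------------------------
Source: Netlogon
Event Id: 3210
Failed to authenticate with a Windows NT or Windows 2000 domain controller
----------------------------------------
Source: Netlogon
Event Id: 5778
No subnet matched the IP address.
----------------------------------------
Source: Netlogon
Event Id: 5721
The Domain Controller does not have an account for the computer
"""

# Assumed grouping, derived from the event messages quoted in the thread.
CATEGORY = {
    5721: "secure-channel",  # DC has no account for the computer
    5722: "secure-channel",  # inbound session setup failed to authenticate
    3210: "secure-channel",  # failed to authenticate with a domain controller
    5778: "site-config",     # no subnet object matched the IP address
}

def parse_events(text):
    """Split pasted event text on dashed rules into (source, id, message) tuples."""
    events = []
    for chunk in re.split(r"(?m)^-{5,}\s*$", text):
        src = re.search(r"(?mi)^Source:\s*(\S+)", chunk)
        eid = re.search(r"(?mi)^Event Id:\s*(\d+)", chunk)
        if not (src and eid):
            continue  # fragment without a full header, e.g. trailing text
        msg = " ".join(chunk[eid.end():].split())  # collapse wrapped lines
        events.append((src.group(1), int(eid.group(1)), msg))
    return events

def triage(events):
    """Count Netlogon events per category; unlisted ids are counted as 'other'."""
    return Counter(CATEGORY.get(eid, "other")
                   for src, eid, _ in events if src.lower() == "netlogon")

if __name__ == "__main__":
    print(dict(triage(parse_events(SAMPLE))))
```
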
 
