Archived from groups: microsoft.public.win2000.active_directory (More info?)
Hi,
I have established a two way trust relationship with my Domain (Win2k) and
an external (WinNT) domain.
My Win2k domain contains 2 dc's is a child domain in a forest
DC1: PDC Emulator\RID Pool\GC
DC2: Infrastructure Master
These are the steps performed..
On Win2k end
- In AD Domains and Trusts under properties of Win2k domain Trusts Tab add
trusted domain (WinNT) underthe "Domains trusted by this domain" section .
Set password
the following message appears..
Active Directory cannot verify the trust.
If the other side of the trust relationship doesn't exist yet, you must
create it.
If the passwords for both sides of the trust relationship don't match, you
must remove this trust and re-create it using the correct password.
The error returned was: The security database on the server does not have a
computer account for this workstation trust relationship.
On WinNt end
- In User Manager for Domains on the Policies menu, click Trust
Relationships add Trusting Domain (Win2k) to the Trusting Domains box. Set
password which was set on 2K end
On WinNt end
- In User Manager for Domains on the Policies menu Trust Relationships add
Win2k domain to the Trusted Domains box. type password for the trust.
the following message appears ...
The trust relationship could not be verified at this time. If you find that
it was not established, contact the administrator of the Windows 2000-based
domain name domain and verify that it includes Windows NT-based domain name
on its list of trusting domains.
On Win2K end
- In AD Domains and Trusts under properties of Win2k domain Trusts Tab add
trusted domain (WinNT) under the "Domains that trust this domain" section.
Set password
After establishing the two way trust I cannot access the NT domain from
Windows 2000 from the Security permissions dialog box comes up with this
error...
(Cannot display objects from this location becasue of thie error:
The trust relationship between the primary domain and trusted domain failed.)
Cannot access from the NT Domain as well.
Tried \\servername for the NT PDC does not connect..
These are some event logged on the DC1
Source: Netlogon
Event Id: 5722
The session setup from the computer failed to authenticate. The name of the
account referenced in the security database is . The following error
occurred:
Access is denied.
------------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 3210
Failed to authenticate with a Windows NT or Windows 2000 domain controller
for domain.
---------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 5778
'' tried to determine its site by looking up its IP address ('') in the
Configuration\Sites\Subnets container in the DS. No subnet matched the IP
address. Consider adding a subnet object for this IP address.
---------------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 3210
Failed to authenticate with \\ , a Windows NT or Windows 2000 domain
controller for domain .
----------------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 5721
The session setup to the Windows NT or Windows 2000 Domain Controller
<Unknown> for the domain failed because the Domain Controller does not have
an account for the computer
Do i need to perform some additional steps for the two domains to talk to
each other.. please help would be really appreciated..
xor
Hi,
I have established a two way trust relationship with my Domain (Win2k) and
an external (WinNT) domain.
My Win2k domain contains 2 dc's is a child domain in a forest
DC1: PDC Emulator\RID Pool\GC
DC2: Infrastructure Master
These are the steps performed..
On Win2k end
- In AD Domains and Trusts under properties of Win2k domain Trusts Tab add
trusted domain (WinNT) underthe "Domains trusted by this domain" section .
Set password
the following message appears..
Active Directory cannot verify the trust.
If the other side of the trust relationship doesn't exist yet, you must
create it.
If the passwords for both sides of the trust relationship don't match, you
must remove this trust and re-create it using the correct password.
The error returned was: The security database on the server does not have a
computer account for this workstation trust relationship.
On WinNt end
- In User Manager for Domains on the Policies menu, click Trust
Relationships add Trusting Domain (Win2k) to the Trusting Domains box. Set
password which was set on 2K end
On WinNt end
- In User Manager for Domains on the Policies menu Trust Relationships add
Win2k domain to the Trusted Domains box. type password for the trust.
the following message appears ...
The trust relationship could not be verified at this time. If you find that
it was not established, contact the administrator of the Windows 2000-based
domain name domain and verify that it includes Windows NT-based domain name
on its list of trusting domains.
On Win2K end
- In AD Domains and Trusts under properties of Win2k domain Trusts Tab add
trusted domain (WinNT) under the "Domains that trust this domain" section.
Set password
After establishing the two way trust I cannot access the NT domain from
Windows 2000 from the Security permissions dialog box comes up with this
error...
(Cannot display objects from this location becasue of thie error:
The trust relationship between the primary domain and trusted domain failed.)
Cannot access from the NT Domain as well.
Tried \\servername for the NT PDC does not connect..
These are some event logged on the DC1
Source: Netlogon
Event Id: 5722
The session setup from the computer failed to authenticate. The name of the
account referenced in the security database is . The following error
occurred:
Access is denied.
------------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 3210
Failed to authenticate with a Windows NT or Windows 2000 domain controller
for domain.
---------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 5778
'' tried to determine its site by looking up its IP address ('') in the
Configuration\Sites\Subnets container in the DS. No subnet matched the IP
address. Consider adding a subnet object for this IP address.
---------------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 3210
Failed to authenticate with \\ , a Windows NT or Windows 2000 domain
controller for domain .
----------------------------------------------------------------------------------------------
Source: Netlogon
Event Id: 5721
The session setup to the Windows NT or Windows 2000 Domain Controller
<Unknown> for the domain failed because the Domain Controller does not have
an account for the computer
Do i need to perform some additional steps for the two domains to talk to
each other.. please help would be really appreciated..
xor
Facebook
Twitter
Instagram