Can not Set up Domain Trust from WIN2000 ADV SRV down to a NT4 Domain

Posted on 2003-03-12
Medium Priority
Last Modified: 2008-05-30
I am trying to create an trust relationship down to another city where our NT4 domain resides. At my location we use Win 2000 ADV SRV SP3. From Point to Point we have a VPN client setup that wraps our data via these little client boxes we set up. We guide these VPN clients by static routes via our router down to the routers there. I have included the address and names into my DNS, HOSTS, and LMHOSTS files. If i punch in the \\NTDOMAIN in explorer i can see the files and goods :). However Trusts is not able to contact the other machines authentication service. i have recieving the following message from Active Directory Domains and Trust MMC (Note: NTDOMAIN intentionally typed there) =) ...

The NTDOMAIN domain cannot be contacted.
If this domain is a Windows domain, the trust cannot be setup until the domain is contacted. Click Cancel and try again later.
If this is an interoperable non-Windows Kerberos realm and you want to set up this side of the trust click OK.

PS i have poked severals holes in the firewall. I may have the wrong ports if any.
Question by:kim77751
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8123296
What mode are you running the W2K domain---native or mixed-mode? If you are running W2K in native mode, it will not accept a trust relationship from NT4 PDCs, only from other W2K DCs.


Going from mixed-mode to native mode is a one-way trip,,,you cannot revert back to mixed-mode.

Author Comment

ID: 8123749
Hey Hi,

Sorry i should have stuck that guy in there. I am using Mixed Mode.

Expert Comment

ID: 8125733
Your VPN connection need to allow NETBIOS traffic to go both way. NT 4.0 using Netbios, win2k can live with only tcp/ip
Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.


Author Comment

ID: 8128753
Hi FireBird,

Thank you for the suggestion. The VPN Clients are allowing NetBIOS also ive tried using it's WAN IP to connect instead of the Static Routed IP.

Author Comment

ID: 8128909
Hi FireBird,

Thank you for the suggestion. The VPN Clients are allowing NetBIOS also ive tried using it's WAN IP to connect instead of the Static Routed IP.

Author Comment

ID: 8129042
Hi FireBird,

Thank you for the suggestion. The VPN Clients are allowing NetBIOS also ive tried using it's WAN IP to connect instead of the Static Routed IP.

Assisted Solution

gillitj earned 500 total points
ID: 8423552
I had this same problem today and an IT guy, Jonathan C, at our main campus gave me the solution.

I kept trying to use the GUI and there is a problem with it.  Use the NETDOM.exe provided by Microsoft.  This is the comand line interface.We had to play with it a little bit becuase it is confusing but it fixed our problem.  Hope it works for you.



Accepted Solution

tatw earned 500 total points
ID: 8794994
netdom trust ABC /domain:CDE /add /oneside:trusting /passwordT:password

ABC AD native mode domain trust CDE NT4 domain with password "password"

p.s. The GUI also don't work for verification. Please use netdom to verify again.


Expert Comment

ID: 9153146
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question