Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Can not Set up Domain Trust from WIN2000 ADV SRV down to a NT4 Domain

Posted on 2003-03-12
Medium Priority
Last Modified: 2008-05-30
I am trying to create an trust relationship down to another city where our NT4 domain resides. At my location we use Win 2000 ADV SRV SP3. From Point to Point we have a VPN client setup that wraps our data via these little client boxes we set up. We guide these VPN clients by static routes via our router down to the routers there. I have included the address and names into my DNS, HOSTS, and LMHOSTS files. If i punch in the \\NTDOMAIN in explorer i can see the files and goods :). However Trusts is not able to contact the other machines authentication service. i have recieving the following message from Active Directory Domains and Trust MMC (Note: NTDOMAIN intentionally typed there) =) ...

The NTDOMAIN domain cannot be contacted.
If this domain is a Windows domain, the trust cannot be setup until the domain is contacted. Click Cancel and try again later.
If this is an interoperable non-Windows Kerberos realm and you want to set up this side of the trust click OK.

PS i have poked severals holes in the firewall. I may have the wrong ports if any.
Question by:kim77751

Expert Comment

ID: 8123296
What mode are you running the W2K domain---native or mixed-mode? If you are running W2K in native mode, it will not accept a trust relationship from NT4 PDCs, only from other W2K DCs.


Going from mixed-mode to native mode is a one-way trip,,,you cannot revert back to mixed-mode.

Author Comment

ID: 8123749
Hey Hi,

Sorry i should have stuck that guy in there. I am using Mixed Mode.

Expert Comment

ID: 8125733
Your VPN connection need to allow NETBIOS traffic to go both way. NT 4.0 using Netbios, win2k can live with only tcp/ip
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 8128753
Hi FireBird,

Thank you for the suggestion. The VPN Clients are allowing NetBIOS also ive tried using it's WAN IP to connect instead of the Static Routed IP.

Author Comment

ID: 8128909
Hi FireBird,

Thank you for the suggestion. The VPN Clients are allowing NetBIOS also ive tried using it's WAN IP to connect instead of the Static Routed IP.

Author Comment

ID: 8129042
Hi FireBird,

Thank you for the suggestion. The VPN Clients are allowing NetBIOS also ive tried using it's WAN IP to connect instead of the Static Routed IP.

Assisted Solution

gillitj earned 500 total points
ID: 8423552
I had this same problem today and an IT guy, Jonathan C, at our main campus gave me the solution.

I kept trying to use the GUI and there is a problem with it.  Use the NETDOM.exe provided by Microsoft.  This is the comand line interface.We had to play with it a little bit becuase it is confusing but it fixed our problem.  Hope it works for you.



Accepted Solution

tatw earned 500 total points
ID: 8794994
netdom trust ABC /domain:CDE /add /oneside:trusting /passwordT:password

ABC AD native mode domain trust CDE NT4 domain with password "password"

p.s. The GUI also don't work for verification. Please use netdom to verify again.


Expert Comment

ID: 9153146
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question