?
Solved

Trusts between 2003 and NT4 Domains

Posted on 2005-03-11
24
Medium Priority
?
352 Views
Last Modified: 2010-04-13
We are unable to add a “Trusting domain” in NT4 with one of our Windows 2003 domains
(The other 2 2003 domains <> this NT domain trusts work fine)

We just get the error “The User Account Alredy Exists” when you try to add it ?

Any help appriciated

Points for anyone who can get this working!
0
Comment
Question by:tomjbarnard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 10
  • +2
24 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 13516772
is there any firewalls in between?


have you put an entry on the NT4 PDC's lmhosts file that points to the Netbios name of the 2003 domain and the IP addrtess of one of its domain controllers
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13516790
You May Be Unable to Establish a Trust Relationship Between Either Windows 2000 or Windows Server 2003 and Windows NT Domains: -
http://support.microsoft.com/?kbid=295335
0
 

Author Comment

by:tomjbarnard
ID: 13516828
yes we do have firewalls...
However we have 2 domians at our other site and we can create the trusts to this no problem

I have put a line like below into the NT4 PDC lmhosts

172.x.x.x      londc102 #PRE #DOM:SUPPORT

Thanks
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13516847
Did you see the above article ?
0
 

Author Comment

by:tomjbarnard
ID: 13516873
Yes the domain is named support not internet

Thanks
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13516946
On 2003 Server: -
Goto \winnt\security\templates\compatws.inf
Right click on it > "Install" and then restart 2003 server.
0
 

Author Comment

by:tomjbarnard
ID: 13517022
We have manged to create other trusts to this 2003 DC from our other NT4 domains fine
and we have used an identical setup on the other 2003 Domain on this site and I can create trusts to this fine from this NT4 domain...

So I dont want to change the security on the DC, well only as a last resort
I think the problem lies on the NT side with the "The User Account Alredy Exists" error?
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13523142
I think there is nothing in Event ID related to this? Is there?
0
 
LVL 6

Expert Comment

by:vtsinc
ID: 13523346
Is the joining DC a duplicate name of an existing computer account?  

Also you might find the below link useful.

http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbi_add_qqne.asp

Regards,
Mike
0
 
LVL 7

Assisted Solution

by:PaulADavis
PaulADavis earned 600 total points
ID: 13527046
check to see if you have any open sessions between the two computers.... end all sessions and file access if possible then try it...

also verify that there isn't a computer with the same name in the nt or 2k3 domain (ex. computer1.xxx.com and computer1.ttt.com)....


gl
0
 

Author Comment

by:tomjbarnard
ID: 13543366
Thanks,

I am getting the following NETLOGON events on the NT4 box

Failed to authenticate with \\XXXX, a Windows NT domain controller for domain SUPPORT.


and


The session setup from the computer XXXX failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is SUPPORT$.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13543385
Event ID? It is helpfull for us.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13543395
One second....i have to say something here...

From where are you adding this Trust and you get this error ? from Windows 2000 or from Windows NT ?
0
 

Author Comment

by:tomjbarnard
ID: 13553269
Sorry,

On the 2003 box it sets up then you get "Verification was unsucesful because the security database on the server does not have a computer account for this workstation trust relationship."

On the NT4 box you get the above 2 event log errors repeatedly

NETLOGON 3210
Failed to authenticate with \\XXXX, a Windows NT domain controller for domain SUPPORT.

NETLOGON 5723
The session setup from the computer XXXX failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is SUPPORT$.

but you get the dialoge box "the user account already exists" from user manager.

I am guessing it thinks we do have a support$ account setup?
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13553421
Then check that account first.
0
 

Author Comment

by:tomjbarnard
ID: 13554151
How do I check for the hidden account?
0
 
LVL 35

Accepted Solution

by:
Nirmal Sharma earned 1400 total points
ID: 13554622
That means trust has been verified from the Windows 2003 but not from NT Box. Right?
Do you have any user or computer accounted created with name Support in Active Directory or in User Manager ?
0
 

Author Comment

by:tomjbarnard
ID: 13555602
Nope, no support accounts in AD but...

Been trying nltest and netdom to create the trust or diagnose it more...

When I do:

 netdom /domain:NT4domain resource 2003domain password /add

I get

Found PDC \\NT4PDC
The user account alredy exists

So the resource account IS setup (support$), but does not apear in user managers trusts
I guess the question is how do I get rid of it, so I can try again?!?!?
0
 

Author Comment

by:tomjbarnard
ID: 13555645
OK reading help helps!

/delete dioes that job!


but I now get

The user account for the resource domain 'support' exisits but it is not marked as a resource domin account

how do I get rid :(
0
 

Author Comment

by:tomjbarnard
ID: 13555694
Sorted thanks for everyones help

0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13555737
How? Please tell us.
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13555776
Thanks!

But please let us know for our future response after all we all are trying to learn something :-)
0
 

Author Comment

by:tomjbarnard
ID: 13572574
Sorry...

Deleted the support$ resource account using NETDOM on the command line
It looks like something went very wrong the first time I tried to set the trust up? you could not see it (and it did not work) but it was in the SAM.

For anyone else having problems NLTEST.exe and NETDOM.exe are very good tools for diagnosing problems - give much more helpfull output about what DC's they are finding - trying to connect to etc.

Thanks agian for the input - its always good to have a sounding board ;)
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13572802
Thanks for letting us know. :-)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The Summer 2017 Scholarship Winners have been announced!
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month10 days, 4 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question