Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Access Denied error - when setting trust between NT4 and 2003 domains

Posted on 2006-03-30
Medium Priority
Last Modified: 2012-06-27
I am trying to setup a two-way trust between Nt4 and 2003 domains.  I am unable to do this becuase I am getting Access Denied error when I try from NT4 domain.  

I can map a drive from NT4 to access 2003 domain
I can PING servers from either domains
I am using LMHOSTS file
I have WINS

I am not sure what I am doing wrong here.

Any help is appreciated.

Question by:dgunna
LVL 15

Accepted Solution

Darwinian999 earned 500 total points
ID: 16339699
First, make sure that you have the right info in your LMHOSTS file -

The entry for the W2003 DC that has the PDC emulator FSMO role must contain #PRE #DOM:W2003DOMAIN at the end of the line (where "W2003DOMAIN" is the NetBIOS name of the 2003 Domain).
There must be plenty of space characters (not tabs) between the name and the #PRE, because a NetBIOS name can be 16 characters long.
You have to load the LMHOSTS contents into the NetBIOS cache - froma command prompt, run NBTSTAT /R  (note that the /R is CaSe Sensitive)
Check the contents of the cache by running NBTSTAT /c  (note that the /c is CaSe Sensitive).

Now create a connection from the NT4 Domain to IPC$ on the 2003 DC that has the PDC emulator FSMO role, using admin credentials. ie

net use \\W2003PDC\IPC$ /user:W2003DOMAIN\Administrator /password:XYZ

Then you should be able to establish the trust.
LVL 86

Assisted Solution

oBdA earned 500 total points
ID: 16345179
Might be that anonymous access is restricted in the W2k3 domain. In addition, make sure your lmhosts file is setup correctly.
Check these articles:

How to establish trusts with a Windows NT-based domain in Windows Server 2003

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues

Client, service, and program incompatibilities that may occur when you modify security settings and user rights assignments

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question