You May Be Unable to Establish a Trust Relationship Between Either Windows 2000 or Windows Server 2003 and Windows NT Domains (295335)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows NT Server 4.0
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Enterprise Edition
This article was previously published under Q295335 SYMPTOMS You may be unable to establish a trust relationship between
a Windows NT domain and either
a Windows 2000 domain or
a Windows Server 2003 domain.
When you try to add the trust from the Windows 2000 domain, you may receive the
following error message: The trust cannot be created
because no mapping between account names and security IDs was done. When
you try to add the trust from the Windows Server 2003 domain, you may receive the
following error message: Cannot Continue. The trust relationship
cannot be created because the following error occurred: The operation failed.
The error is: The specified user already exists. When
you attempt to add the trust from the Windows NT domain, you may receive the
following error message: The trust relationship could
not be verified at this time. You may receive an event 5721 (session
setup failed) in the event log when you try to establish the trust.
CAUSE This behavior can occur because the "Internet" domain name
cannot be accessed. This domain name is a restricted name and it cannot be used
for either a domain name or a computer name.
Although you can name a
Windows computer or domain "Internet", you cannot establish a trust to a domain
named "Internet" from Windows 2000. RESOLUTION To work around this behavior, do not use restricted names
for computer names or domain names. To facilitate access to a domain
named "Internet" if the domain (or computer) already exists and it cannot be
rebuilt:
- Pass-through authentication can be used from the Windows
2000 domain to access the domain named "Internet".
- Pass-through authentication should still function with the
domain named "Internet".
- Pass-through authentication occurs when a domain (or
computer) contains a user account with the same name and password as a user in
the Windows 2000 domain that needs to access the domain named
"Internet".
For additional information about restricted names, click the following article number to view the article in the Microsoft Knowledge Base:
266633
"Computer name is already in use" error message when you add user names in Windows 2000
| Modification Type: | Minor | Last Reviewed: | 1/18/2006 |
|---|
| Keywords: | kberrmsg kbnetwork kbprb kbTrusts w2000trusts KB295335 |
|---|
|