You May Be Unable to Establish a Trust Relationship Between Either Windows 2000 or Windows Server 2003 and Windows NT Domains

You may be unable to establish a trust relationship between a Windows NT domain and either a Windows 2000 domain or a Windows Server 2003 domain. When you try to add the trust from the Windows 2000 domain, you may receive the following error message: When you try to add the trust from the Windows Server 2003 domain, you may receive the following error message: When you attempt to add the trust from the Windows NT domain, you may receive the following error message: You may receive an event 5721 (session setup failed) in the event log when you try to establish the trust.

This behavior can occur because the "Internet" domain name cannot be accessed. This domain name is a restricted name and it cannot be used for either a domain name or a computer name.

Although you can name a Windows computer or domain "Internet", you cannot establish a trust to a domain named "Internet" from Windows 2000.

To work around this behavior, do not use restricted names for computer names or domain names.

To facilitate access to a domain named "Internet" if the domain (or computer) already exists and it cannot be rebuilt:

• Pass-through authentication can be used from the Windows 2000 domain to access the domain named "Internet".
• Pass-through authentication should still function with the domain named "Internet".
• Pass-through authentication occurs when a domain (or computer) contains a user account with the same name and password as a user in the Windows 2000 domain that needs to access the domain named "Internet".

For additional information about restricted names, click the following article number to view the article in the Microsoft Knowledge Base: