Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You May Be Unable to Establish a Trust Relationship Between Either Windows 2000 or Windows Server 2003 and Windows NT Domains


View products that this article applies to.

This article was previously published under Q295335

↑ Back to the top


Symptoms

You may be unable to establish a trust relationship between a Windows NT domain and either a Windows 2000 domain or a Windows Server 2003 domain. When you try to add the trust from the Windows 2000 domain, you may receive the following error message:
The trust cannot be created because no mapping between account names and security IDs was done.
When you try to add the trust from the Windows Server 2003 domain, you may receive the following error message:
Cannot Continue. The trust relationship cannot be created because the following error occurred: The operation failed. The error is: The specified user already exists.
When you attempt to add the trust from the Windows NT domain, you may receive the following error message:
The trust relationship could not be verified at this time.
You may receive an event 5721 (session setup failed) in the event log when you try to establish the trust.

↑ Back to the top


Cause

This behavior can occur because the "Internet" domain name cannot be accessed. This domain name is a restricted name and it cannot be used for either a domain name or a computer name.

Although you can name a Windows computer or domain "Internet", you cannot establish a trust to a domain named "Internet" from Windows 2000.

↑ Back to the top


Resolution

To work around this behavior, do not use restricted names for computer names or domain names.

To facilitate access to a domain named "Internet" if the domain (or computer) already exists and it cannot be rebuilt:
  • Pass-through authentication can be used from the Windows 2000 domain to access the domain named "Internet".
  • Pass-through authentication should still function with the domain named "Internet".
  • Pass-through authentication occurs when a domain (or computer) contains a user account with the same name and password as a user in the Windows 2000 domain that needs to access the domain named "Internet".
For additional information about restricted names, click the following article number to view the article in the Microsoft Knowledge Base:
266633� "Computer name is already in use" error message when you add user names in Windows 2000

↑ Back to the top


Keywords: KB295335, kbtrusts, kbprb, kbnetwork, kberrmsg

↑ Back to the top

Article Info
Article ID : 295335
Revision : 6
Created on : 3/1/2007
Published on : 3/1/2007
Exists online : False
Views : 437