Help and Support
 

powered byLive Search

Broken Trust Between Domains Results in Unsuccessful Logon Attempt

View products that this article applies to.
Article ID:207957
Last Review:November 1, 2006
Revision:2.1
This article was previously published under Q207957
On This Page

SYMPTOMS

When you attempt to log on to a Windows NT server, workstation, or domain controller using account credentials from a trusted domain, you may receive the following error:

The system cannot log you on to this domain because the trust relationship between the primary domain and the trusted domain failed.

Back to the top

CAUSE

This problem will occur if the trust was broken at the accounts domain (trusted), but not the resource domain (trusting).

NOTE: You can use the Microsoft Windows NT 4.0 resource kit utility Netdom.exe file to check both the status of the trust and re-create the trust.

Back to the top

RESOLUTION

Break the trust in both the account and resource domains, and then re-establish it on both sides.

Back to the top

Break the Trust Relationship

1.To break the trust on the primary domain controller (PDC) in the resource domain, click Start, point to Programs, point to Administrative Tools, and then double-click User Manager for Domains.
2.On the Policies menu, click Trust Relationships.
3.Select the accounts domain from the Trusted Domains list box and click Remove.
4.When prompted to complete the removal, click Yes
5.At the PDC in the accounts domain, click Start, point to Programs, point to Administrative Tools, and then double-click User Manager for Domains.
6.On the Policies menu, click Trust Relationships.
7.Select the resource domain from the Trusting Domains list box and click Remove.
8.When prompted to complete the removal, click Yes

Back to the top

Re-establish the Trust Relationship

1.On the PDC in the accounts domain, click Start, point to Programs, point to Administrative Tools, and then double-click User Manager for Domains.
2.On the Policies menu, click Trust Relationships, and then click Add next to the Trusting Domains list box.
3.In the Add Trusting Domain dialog box, type in the resource domain name. Enter a password that you will use for the resource domain to access the accounts domain, retype the password in the Confirmation field, and then click OK.
4.On the PDC in the resource domain, click Start, point to Programs, point to Administrative Tools, and then double-click User Manager for Domains.
5.On the Policies menu, click Trust Relationships, and then click Add next to the Trusted Domains list box.
6.In the Add Trusted Domain dialog box, type in the accounts domain name and the password that you supplied in step 3.
7.Click OK in the Trust Relationship With accounts domain Successfully Established dialog box.

Back to the top

APPLIES TO
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0 Developer Edition
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0 Standard Edition
Microsoft Windows NT Server 4.0 Enterprise Edition
Microsoft BackOffice Server 4.0
Microsoft BackOffice Server 4.5

Back to the top

Keywords: 
kberrmsg kbnetwork kbprb KB207957

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.