You receive a "The specified domain either does not exist or could not be contacted" error message when you try to establish a new Terminal Services connection to a Windows Server 2003-based terminal server

When you try to establish a new Terminal Services connection to a Windows Server 2003-based terminal server by using an account from a trusted interoperable Kerberos V5 realm, you may receive the following error message: Additionally, you cannot use the Terminal Server User Profile (TerminalServicesProfilePath) property, the Terminal Services Home Directory (TerminalServicesHomeDirectory) property, or other related Terminal Services properties that have been set on the user account.

Note Examples of trusted interoperable Kerberos V5 realms include the Massachusetts Institute of Technology (MIT) realm and the Heimdal realm.

Service pack information

To resolve this problem, obtain the latest service pack for Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must have Microsoft Windows 2003 Service Pack 1 (SP1) installed.

Restart requirement

You must restart your computer after you apply this hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Server 2003, Itanium-based versions

Windows Server 2003, Itanium-based versions with SP1

Windows Server 2003, x64-based versions

Windows Server 2003, x86-based versions

Windows Server 2003, x86-based versions with SP1

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

Warning You may want to remove a user's read permissions to the local Security Accounting Manger (SAM) database or to the Active Directory directory service to prevent the user from logging on to the terminal server. However, if you follow these steps, the user will be able to log on to the terminal server.

To work around this issue, change the Windows registry on the terminal server so that the following are true:

• The Winlogon process ignores errors when it reads the Terminal Serves configuration data.
• The Winlogon process reads the DefaultUserConfig data.

To do this, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
3. Click Edit, point to New, and then click DWORD Value.
4. In the New Value #1 box, type IgnoreRegUserConfigErrors, and then press ENTER.
5. Right-click IgnoreRegUserConfigErrors, and then click Modify.
6. In the Value data box, type 1, click Decimal, and then click OK.
7. Quit Registry Editor.

Note If you follow these steps, users may be able to log on to the Windows Server 2003 Terminal Services computer. However, users will not be able to read the Terminal Services properties on the mapped Active Directory account. Therefore, users will not be able to access the profile path of the Terminal Server User Profile (TerminalServicesProfilePath) property, of the Terminal Services Home Directory (TerminalServicesHomeDirectory) property, or of other Terminal Services properties that are defined on that account. To resolve the problem, install the hotfix.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows Server 2003 Service Pack 2.

For more information, click the following article number to view the article in the Microsoft Knowledge Base: The third-party technologies that this article discusses are developed by organizations that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these technologies.