
You May Be Unable to Establish a Trust Relationship Between Either Windows 2000 or Windows Server 2003 and Windows NT Domains

Support for Windows Server 2003 ended on July 14, 2015


This article was previously published under Q295335
SYMPTOMS
You may be unable to establish a trust relationship between a Windows NT domain and either a Windows 2000 domain or a Windows Server 2003 domain. When you try to add the trust from the Windows 2000 domain, you may receive the following error message:
The trust cannot be created because no mapping between account names and security IDs was done.
When you try to add the trust from the Windows Server 2003 domain, you may receive the following error message:
Cannot Continue. The trust relationship cannot be created because the following error occurred: The operation failed. The error is: The specified user already exists.
When you attempt to add the trust from the Windows NT domain, you may receive the following error message:
The trust relationship could not be verified at this time.
You may receive an event 5721 (session setup failed) in the event log when you try to establish the trust.
CAUSE
This behavior can occur because the "Internet" domain name cannot be accessed. This domain name is a restricted name and it cannot be used for either a domain name or a computer name.

Although you can name a Windows computer or domain "Internet", you cannot establish a trust to a domain named "Internet" from Windows 2000.
RESOLUTION
To work around this behavior, do not use restricted names for computer names or domain names.

To facilitate access to a domain named "Internet" if the domain (or computer) already exists and it cannot be rebuilt:
  • Pass-through authentication can be used from the Windows 2000 domain to access the domain named "Internet".
  • Pass-through authentication should still function with the domain named "Internet".
  • Pass-through authentication occurs when a domain (or computer) contains a user account with the same name and password as a user in the Windows 2000 domain that needs to access the domain named "Internet".
For additional information about restricted names, see the following article in the Microsoft Knowledge Base:
266633 "Computer name is already in use" error message when you add user names in Windows 2000
Properties

Article ID: 295335 - Last Review: 03/01/2007 21:13:03 - Revision: 2.4

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

  • kberrmsg kbnetwork kbprb kbtrusts KB295335