Well back to the dreaded configuring a trust. I am trying to create a trust between 2003/2008 AD and a NT 4 domain. Setup: Dual 2008 R2 SP1 domain controllers. 1 Win 2003 Server Sp2. Running as PDC Emulator, RID, Infrastucture and Operations manager (just in case) I followed the KB 325874 but to no avail. This led me to KB 889030 and followed it but there 1 difference. Under the GPO is states “Network access: Named pipes can be accessed anonymously” and set it to enable. That option does not exist in 2008R2 you have to select (input) what you want to allow. On the NT 4 domain I get access denied and the following Error in the event log on the Win 2003 server. Source: Netlogon EventID: 5721 The session setup to the Windows NT or Windows 2000 Domain Controller \\CTANT for the domain CTACORP failed because the Domain Controller did not have an account CTANEW$ needed to set up the session by this computer YSV07. ADDITIONAL DATA If this computer is a member of or a Domain Controller in the specified domain, the aforementioned account is a computer account for this computer in the specified domain. Otherwise, the account is an interdomain trust account with the specified domain. I have spent 2 day pouring over the forums and goggled till my eyes are sore but can’t seem to find the secret to make this work. On the NT 4 server I get ID: 529 Unknown Username from CTANEW ID:5723 Session setup from the computer AD2003 failed because there is no trust account. Any help would be greatly appreciated Thanks

Hello, see here about trust between NT4 and Windows server 2008 R2, which is not possible: http://blogs.technet.com/b/askds/archive/2010/07/30/friday-mail-sack-newfie-from-the-grave-edition.aspx http://social.technet.microsoft.com/Forums/en/windowsserver2008r2general/thread/ca7911ec-4f18-4757-808c-e34db8084bcf http://support.microsoft.com/kb/942564/Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

I am trying to setup the trust between the 2003AD server and NT4. The forest is running in 2003 mode.

Trusts between 2008 R2 DC's and NT4 domains are not supported http://blogs.technet.com/b/askds/archive/2010/07/30/friday-mail-sack-newfie-from-the-grave-edition.aspx Windows Server 2008 R2 PDCE’s cannot create an outbound or two-way trusts to NT 4.0 due to fundamental security changes . We have a specific article in mind for this right now, but the KB942564 was updated to reflect this also. No, this will not change. No, there is no workaround. I know the PDC edmulator is on the 2003 server, but the presence of the 2008 R2 DC's may be enough to trip it up.

Trust relationships are NOT supported between NT 4.0 and 2008 R2 DCs. support of that type of external trust ended at 2008. its not enough to have one 2003 Dc in the forest. DCs in one domain will attempt to establish secure channels with the DC is the other domain. Windows NT 4.0 and 2008 R2 Domain Trust Relationships http://www.anitkb.com/2010/06/windows-nt-40-and-2008-r2-domain-trust.html Visit: anITKB.com, an IT Knowledge Base.

Thanks for all the input. Alot of good info.

FYI Once I switched the NT to NTLM 2, the trust formed.

One thing is getting work-arounds in place vs. running under a supported configuration.Visit: anITKB.com, an IT Knowledge Base.