Trust Relationship Failed
Win 7 RC 7100 new install, joined to 2000 Server SP4 AD Domain. When I try to add a domain user account to 7, errors: "The trust relationship between this workstation and the primary domain failed". (Already have 2 x 7RC machines joined, incl my primary workstation: I like 7.)

I have multiple times left/rejoined the domain, even: joined the machine to a Workgroup, deleted machine account from AD, booted up as workgroup user, added machine name to AD, waited 20 mins, rejoined 7 to Domain, booted in as Domain user, tried to add another user, always same prob. Left domain, changed PC name, rejoined, same. Local IP settings for DNS are correct (below). No network mapped drives. Network browsing is fine. Same prob with different user accounts. ipconfig /release, /renew, same. Stumped. Thanks!

btw Posting from Firefox gives "Unknown Error". From IE8 works. Much could be said about that.

    >ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : EPHEMERAL
       Primary Dns Suffix  . . . . . . . : naitauba.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : naitauba.local

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : naitauba.local
       Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
       Physical Address. . . . . . . . . : 00-0C-F1-A1-E9-4C
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::a183:b8e1:574a:46fb%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.27(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.254.0
       Lease Obtained. . . . . . . . . . : Thursday, June 25, 2009 3:09:56 PM
       Lease Expires . . . . . . . . . . : Saturday, July 25, 2009 3:09:55 PM
       Default Gateway . . . . . . . . . : 192.168.0.1
       DHCP Server . . . . . . . . . . . : 192.168.0.4
       DHCPv6 IAID . . . . . . . . . . . : 234884337
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-C0-6B-52-00-0C-F1-A1-E9-
       DNS Servers . . . . . . . . . . . : 192.168.0.11
                                           192.168.0.10
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.naitauba.local:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : naitauba.local
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
June 25th, 2009 8:56am

Had a thought, and tried to add a new Domain account user to my 7 RC 7100 workstation, can't, same issue as original post. Hadn't needed to try before, it's just been my domain account and the local admin account. Plot thickens..
June 25th, 2009 9:13am

This article may help you.
June 25th, 2009 4:21pm

Adam, thank you, I should have mentioned the article number but, this is exactly what I tried and why I tried it. Multiple times. Doesn't help, unfortunately.
June 25th, 2009 11:55pm

More me trying to solve it: The Domain has 2 x 2000 Server DCs. Event Log in FSMO Master has these, EventIDs:

- 5790 NETLOGON errors "(7 PCname), Access is denied".
- 5723 NETLOGON No Trust Account in the security database for this computer.
- 677 Security. Service Ticket Request Failed. Failure code 0x29

Turned Firewall Off, same problem.

Did this: Local Security Policy - Local Policies - Security Options - Network Security: LAN Manager authentication level. Was undefined. Tried LM & NTLM, same problem. LM & NTLM - use NTLM2 if negotiated, same problem.

Help please! Thanks.
June 26th, 2009 4:06am

I assume your Windows 2000 DCs run with Service Pack 4.

If that is the case, I think you should have a look at the local Group Policy of the Windows 7 system.

Start gpedit.msc and browse to Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options

Now disable the following policy settings:

- Domain member: Digitally encrypt or sign secure channel data (always)
- Domain Member: Require strong (Windows 2000 or later) session key

Can you now retry joining the client to the domain?

Ray
June 26th, 2009 10:35am
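
The two policy settings named in the reply above are stored as values under the Netlogon service key, so their current state can be read back and a relaxation made while troubleshooting can be found and reverted later. This is an added example, not part of the thread: the registry value names and the two "(when possible)" policies are standard Windows names that the thread does not mention, and the function name is made up for the example.

```powershell
# Added example (not from the thread): report the Netlogon secure-channel
# settings on a domain member, then test the channel to the domain.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Registry value name -> the Security Options policy it backs.
$PolicyMap = @{
    RequireSignOrSeal = 'Domain member: Digitally encrypt or sign secure channel data (always)'
    RequireStrongKey  = 'Domain member: Require strong (Windows 2000 or later) session key'
    SealSecureChannel = 'Domain member: Digitally encrypt secure channel data (when possible)'
    SignSecureChannel = 'Domain member: Digitally sign secure channel data (when possible)'
}

function Get-SecureChannelPolicy {
    # $Values defaults to the live registry; a hashtable can be passed instead.
    param($Values = (Get-ItemProperty -Path $NetlogonKey))
    foreach ($name in ($PolicyMap.Keys | Sort-Object)) {
        $raw   = $Values.$name
        $state = if ($null -eq $raw) { 'NotSet' }
                 elseif ($raw -eq 1) { 'Enabled' }
                 else                { 'Disabled' }
        New-Object PSObject -Property @{
            Value = $name; State = $state; Policy = $PolicyMap[$name]
        }
    }
}

$report = @(Get-SecureChannelPolicy)
$report | Format-Table Value, State, Policy -AutoSize -Wrap

# Flag the "always" / "strong key" requirements if they have been switched off.
$relaxed = @($report | Where-Object { $_.Value -like 'Require*' -and $_.State -eq 'Disabled' })
foreach ($item in $relaxed) {
    Write-Warning ("Relaxed on this machine: " + $item.Policy)
}

# Test the machine account's secure channel (needs a domain-joined machine).
try {
    if (Test-ComputerSecureChannel) { 'Secure channel to the domain: OK' }
    else { Write-Warning 'Secure channel to the domain: BROKEN' }
} catch {
    Write-Warning ("Could not test the secure channel: " + $_.Exception.Message)
}
```

Run it from an elevated PowerShell prompt on the workstation before and after changing the policy, so the two reports can be compared.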

Ray, This works on my main 7RC workstation; I can now add another Domain User account to it. I'm offsite and can't now try the new 7RC box I primarily posted about. But it looks like you've cracked it. Will confirm on that machine and post back, soon as I can. Looking good..
June 26th, 2009 12:37pm

Didn't fix it. On the 7RC machine I need to be able to add a Domain User to, still get the same error. When at Add New User - Select User, it sees all the users in AD. I add one, set Level of Access, Finish - "The user could not be added because the following error occurred - ..Trust Relationship between this workstation and the primary domain Failed"

Left the domain, removed PC record from AD on both DCs, changed the PC name for good luck, booted into workgroup, rejoined domain and rebooted as domain member. Same.

Tried it again on my main 7RC workstation, also gives the same error. Yet last night (remoted in) that one was OK.

2000 SP4 Domain, yes.
June 27th, 2009 4:45am

Can you check the domain policy for these settings? It looks like your main 7RC workstation picked up different settings between the two latest tests.

Ray
June 27th, 2009 9:58am

Both DCs have the same settings:

Domain Security Policy ALSO Domain Controller Security Policy - WindowsSettings - SecuritySettings - LocalPolicies - SecurityOptions

- Secure Channel - Digitally Encrypt or sign secure channel data (always) - not defined
- Secure Channel - Require strong (Windows 2000 or later) session key - not defined

Diagnosis shows one DNS error on the DCs. I don't think it's related but need to mention it. Can paste full results if useful.

dcdiag (no other parameters) on both DCs is good.
netdiag on one DC is good.
netdiag on the other DC fails the DNS test:

    DNS test . . . . . . . . . . . . . : Failed
    [FATAL]: The DNS registration for 'Atlas.naitauba.local' is incorrect on all DNS servers.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.10 and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.11 and other DCs also have some of the names registered.

Tried adding a domain user to my main 7RC station again - worked this time.
Tried the new 7RC again - same old Trust failed prob.

Thanks
June 28th, 2009 4:04am

uuh--oh Surely we can use 7 on a 2000 AD Domain?
June 30th, 2009 9:24am

Did a clean install of 7RC. Logged on as x, my name, which is the same name as a Domain administrator. Joined PC to domain. Added domain user x OK (same as before). Still cannot add another domain user account.
July 1st, 2009 5:14am

If I were you I would first focus on fixing the AD errors you are seeing. If AD or SYSVOL replication has issues or your clients improperly resolve the DCs in your domain this can also result in unexpected behavior. Apparently there is different communication to the domain when you connect via VPN.

Can you post the outcome of the following commands?

1. Start the Command Prompt
2. Type:

    NSLookup
    set type=all
    Atlas.naitauba.local

I assume this is your AD domain name.

You should also check the event logs on the DCs to see if any errors are reported regarding SYSVOL and AD replication or security.

Ray
July 1st, 2009 11:07am

Ray, Thank you so much. Point well taken re AD errors. I'm dying to sort them, don't yet know enough myself, and am awaiting our summoned ally. (a big shoutout to "sportsmark").

Ephemerals is the new 7RC box I wish to add a domain user to.
Ajax is primary DNS server and FSMO master DC.
Atlas is the 2nd DC and has 1 NIC with 2 IP addresses, one is the email server.

    Microsoft Windows [Version 6.1.7100]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\chris.NAITAUBA>nslookup
    Default Server: ajax.naitauba.local
    Address: 192.168.0.11

    > set type=all
    > atlas.naitauba.local
    Server: ajax.naitauba.local
    Address: 192.168.0.11

    atlas.naitauba.local internet address = 192.168.0.4
    atlas.naitauba.local internet address = 192.168.0.10
    > exit

    C:\Users\chris.NAITAUBA>nslookup
    Default Server: ajax.naitauba.local
    Address: 192.168.0.11

    > set type=all
    > ephemerals.naitauba.local
    Server: ajax.naitauba.local
    Address: 192.168.0.11

    ephemerals.naitauba.local internet address = 192.168.0.27
    > exit
July 2nd, 2009 6:05am

dcdiag, netdiag and gpotool are now clean and good on both DCs. AD and SYSVOL replication also test good.

One DC still has two IP addresses on one NIC.

Adding a domain user to the 7RC box (which is itself a domain member) still (as before) intermittently fails with the Trust Relationship failed error. Other times (as before) it succeeds.

It seems the answer is here:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/7d0bb953-3514-4475-8f00-5f624f5f6b00
July 17th, 2009 2:58am

This topic is archived. No further replies will be accepted.
