Vista in a Domain with a 1 Way Non-Transitive Trust
Okay, here is the situation. I manage a domain, call it child.parent.local. There is another domain, parent.local. There is a 1 way non-transitive trust between child.parent.local and parent.local. For XP and Server 2003 I can successfully bind SIDs from parent.local and log in, and everything works great. For Vista, I join the child.parent.local domain and can resolve user names from parent.local (i.e. I can add them to local groups, like the Administrators group). But when I try to log in using a parent account (PARENT\username or username@PARENT or PARENT.local\username or username@parent.local) I get the following error: "The security database on the server does not have a computer account for this workstation trust relationship". I can log in with child.parent.local accounts fine.
Here is what I have tried:
Rejoining the PC to the domain
Putting the PC in its own OU with Block all Inheritance (even though there are few GPOs)
Changed the DNS suffix to parent.local
Enabled and Disabled WINS
The only thing I haven't tried is throwing the piece of sh*t out the window but that might be my next move. Please help
Thanks, Mike
July 15th, 2008 11:39pm

OK, I just built another Vista SP1 machine and this machine does the EXACT same thing! This must be the designed behavior, but how do I allow users from another trusted domain to log in! I've googled everything I can think of and found nothing. The MS books say nothing about this. Has anybody worked this out yet?
July 16th, 2008 4:50pm

Hi, This issue may be due to the type of the current trust between the domains being downgrade or NT4. In Windows Server 2008 and Windows Vista SP1, a design change was made to address security concerns regarding a downgrade attack. Therefore, if the type of trust is NT4, no failover to NTLM authentication will be performed after the Kerberos authentication fails, which results in the logon failing. You can verify the trust type by using the command nltest /domain_trusts. To resolve the issue, please recreate the trust between the domains to eliminate the downlevel trust type. After that, the trust type should be NT5 (uplevel). Hope it helps.
July 18th, 2008 4:37am
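
One way to run the check described in the reply above over the output of nltest /domain_trusts, as an added example that is not part of the original thread. The line layout noted in the comment and the sample output are assumptions constructed for illustration, and Get-TrustTypeReport is a hypothetical helper name.

```powershell
# Flag downlevel (NT 4) entries in `nltest /domain_trusts` output.
# Assumption: each trust line looks like
#   "    0: NETBIOS dns.name (NT 5) (flag) (flag)"
# with the DNS name absent for downlevel trusts.

function Get-TrustTypeReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$NltestOutput
    )

    # Index, NetBIOS name, optional DNS name, "(NT n)", then the remaining flags.
    $pattern = '^\s*(?<Index>\d+):\s+(?<NetBios>\S+)(?:\s+(?<Dns>[^\s(]+))?\s+\(NT\s*(?<Level>\d+)\)(?<Flags>.*)$'

    foreach ($line in $NltestOutput) {
        # Header and footer lines do not match and are skipped.
        if ($line -match $pattern) {
            [pscustomobject]@{
                NetBios   = $Matches.NetBios
                Dns       = $Matches.Dns          # $null when no DNS name is listed
                TrustType = "NT$($Matches.Level)"
                Downlevel = ([int]$Matches.Level -lt 5)
                Flags     = $Matches.Flags.Trim()
            }
        }
    }
}

# Constructed sample output (not taken from the thread).
$sample = @(
    'List of domain trusts:'
    '    0: PARENT (NT 4) (Direct Outbound)'
    '    1: CHILD child.parent.local (NT 5) (Forest Tree Root) (Primary Domain) (Native)'
    'The command completed successfully'
)

# On a domain member, pass the live output instead: (nltest /domain_trusts)
$report = Get-TrustTypeReport -NltestOutput $sample
$report | Format-Table NetBios, Dns, TrustType, Downlevel -AutoSize

# Any NT4 entry is a trust that Vista SP1 / Server 2008 will not fall back to NTLM for.
$downlevel = @($report | Where-Object Downlevel)
if ($downlevel.Count -gt 0) {
    Write-Warning ("Downlevel (NT4) trust(s): " + ($downlevel.NetBios -join ', '))
}
```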

Hey Joson, Thanks for the reply! You are right about the trust type, it is NT4. You've got some kind of knowledge about Windows security! Anyway, recreating the trust might be a big, big problem for me. Is there any kind of workaround for Vista that you know of? Thanks, MC
July 21st, 2008 4:37pm

This topic is archived. No further replies will be accepted.
