One thing to keep in mind is the value you have set for RestrictAnonymous.  See 
Technet articles 178640 and 296403 for details.

Mike Thommes

-----Original Message-----
From: Graham Turner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 7:35 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] windows 2000 / NT4 trust


please can anyone pass on the ins and outs of diagnosing failure of trust
relationship establishment.

the trust that is required is two-way between an NT4 domain (source in the
context of migration) and a W2k domain (target)

i am able to establish easily enough the trust;

NT4 trusts W2K

however for love nor money am i able to establish the other way round;

w2k trusts NT4

get whole loads of access denied messages ...

thought for a moment it might have something to do with the presence of the
security principal in the NT4 domain which is required for migration;

NT4$$$

as the accounts used for trusts are the domain name with $ appended - red
herring me thinks ??

but then as i read it in the context of the failed trust the interdomain
trust account used would be W2K$ defined in the NT4 domain ????

the other issue that looked a bit hookie was the removal of the "Default
Domain policy" GPO from the w2k domain - not me gov !!

perhaps there are values in there that are relevant to the trust failure -

notwithstanding it would be ideal to understand the full troubleshoot of a
failed trust

have been using "nltest" but all we get returned is a generic "access
denied" error;

event logs give us the following;

5721 - session setup to DC for NT4domain failed because DC does not have
account for w2k dcname

8B-01-00-C0

3210 - failed to authenticate with nt4 dcname;
22 00 00 C0

apologies for the essay but have attempted to include all relevant
information

GT

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
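
The data bytes quoted with events 5721 and 3210 above are NTSTATUS codes displayed in little-endian byte order. The following Python sketch is an added example, not part of the original thread; it decodes them, and the function name and the selection of status codes in its table are this example's own choices.

```python
import re

# Small subset of NTSTATUS values relevant to Netlogon/trust failures
# (values from Microsoft's ntstatus.h; the selection is this example's choice).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000018A: "STATUS_NO_TRUST_LSA_SECRET",
    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
    0xC000018C: "STATUS_TRUSTED_DOMAIN_FAILURE",
    0xC000018D: "STATUS_TRUSTED_RELATIONSHIP_FAILURE",
    0xC0000198: "STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT",
}
SEVERITY = ("SUCCESS", "INFORMATIONAL", "WARNING", "ERROR")


def decode_event_data(raw):
    """Turn an event 'Data' field such as '8B-01-00-C0' into NTSTATUS details."""
    tokens = [t for t in re.split(r"[\s\-:,]+", raw.strip()) if t]
    if len(tokens) != 4 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", t) for t in tokens):
        raise ValueError(f"expected four hex bytes, got {raw!r}")
    # Event Viewer shows the bytes in memory order; NTSTATUS is a little-endian DWORD.
    code = int.from_bytes(bytes(int(t, 16) for t in tokens), "little")
    return {
        "code": f"0x{code:08X}",
        "severity": SEVERITY[code >> 30],      # bits 31-30
        "facility": (code >> 16) & 0x0FFF,     # bits 27-16
        "name": NTSTATUS_NAMES.get(code, "UNKNOWN (look up in ntstatus.h)"),
    }


if __name__ == "__main__":
    # Event IDs and data bytes as quoted in the message above.
    for event_id, data in ((5721, "8B-01-00-C0"), (3210, "22 00 00 C0")):
        d = decode_event_data(data)
        print(f"event {event_id}: {d['code']} {d['severity']} {d['name']}")
```
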
