To *establish* the trust you generally need to have short-name resolution. Only 2 Windows 2003 Full Native Mode Forests can establish a trust using Kerberos. All other trusts will use NTLM, hence you need NetBIOS name resolution.
You don't have to have WINS, LMHOSTS files also work. I do have a config where an external trust also includes replicating WINS partners between the organizations for legacy support of some really old applications but it's definitely not required. It does make working with the trust simpler but I have also gone the LMHOSTS route before. I sure wouldn't suggest installing WINS just for the purpose of establishing the trust. I don't recall all the details of your dilemma but one hopes that the NetBIOS names of your domains are different...That has bitten people in the arse before -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2008 9:37 AM To: NT System Admin Issues Subject: Re: How to create a trust? Interesting! Does this mean, then, for a trust to work better, WINS servers should be running at each domain? -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org "Ben Scott" <[EMAIL PROTECTED]> wrote on 11/14/2008 09:08:39 AM: > On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob <[EMAIL PROTECTED]> wrote: > > Creating trusts is generally also dependent on short-name(NetBios) > > Ah. Doesn't surprise me. Good to know. :) > > > NetBios is not as dead as some would have you think. > > Yah. Microsoft keeps says NetBIOS is decreated, but then you run > across MSKB articles saying "such and such won't work if NetBIOS is > disabled". > > I suspect NetBIOS is never going to go away completely. NetBIOS's > naming protocols are built-in to Windows in some rather core places. > In particular, the security subsystem and SMB. Historically, > Microsoft has not had much luck upgrading that stuff. I suspect that > code is so old and poorly written (some of dates back to Win 3.x!) > nobody is left who understands what it all does. By all appearances, > AD couples on to those things, rather than replacing them. Usually > the UI hides all this, but the old stuff still pokes through on > occasion, in error messages, the registry, and so on. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
