No announcement yet.

Unable to establish Windows NT 4.0 and Windows 2003 Trust

  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to establish Windows NT 4.0 and Windows 2003 Trust

    I am trying to establish a two-way trust with my Windows 2003 Domain
    (SP1 is
    installed on the lone domain controller) in preparation of a migration
    I receive a message COULD NOT find Domain Controller for this domain
    trying to add the trusted domain from my Windows NT 4.0 domain. I've
    q178640 and this did not resolve my problem. I am able to setup the
    trust to
    the NT 4.0 DOMAIN from the Windows 2003 domain but not from the NT 4.0

    domain. I am also able to add the TRUSTING domain into the list in my
    NT 4.0
    Domain. I have verified that netbios is working from both the pdc and
    the pdc emulator by typing nbtstat -c and seeing 1b,1c,20,03 entries to
    each domain and domain controller. I have added the entries
    appropriately in my lmhosts file. Don't know what else to do. The WINS
    server is in the NT4.0 domain and the W2K3 Domain controller is pointing
    to it with Netbios over tcp/ip enabled.

  • #2
    Try disabling SMB signing in the AD's Default Damain Controller Policy.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      I'm not sure that disabling SMB signing will do anything, because NT4 supports it.

      Get rid of the LMHOSTS file. If you have WINS you don't need it. It's just an extra source of errors.

      Is there a chance you are having network problems? Stuff like port 135 being blocked?

      I see that you checked netbios resolution already, but just to be sure, you can actually query the WINS server with nblookup (


      • #4
        SMB signing is supported is NT but it's not on by default. It has to be enabled.

        I also recall reading some MS documentation that states you can't have this enabled when communication is NT <-> 2003. I think you can get away w/ disabling the "Digitally sign communications (always)" policy.

        Proven e-Commerce Solutions
        340 N. 12th St.
        Suite 200
        Philadelphia PA 19107


        • #5
          You need to enable SMB on SP3, but since SP4 it is on by default. And everybody is running SP6a now... right? I never had a problem with SMB signing between NT4 and W2003.

          It would be nice to hear from jseay1 again ... we can all learn from these types of problems.