Announcement

Collapse
No announcement yet.

NT4 to 2008 external trusts - Are they possible?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NT4 to 2008 external trusts - Are they possible?

    hi guys,

    I've been banging my head against a wall for a week now trying to get an NT4 domain to trust a 2008 domain. I've tried numerous things with the default domain controllers policy on the 2008 domain but to no avail.

    I can ping the 2008 DC's fomr the NT4 domain, I can also connect to shares hosted on the 2008 domain.

    I posted a thread on technet and someone said it wasnt possible because NT4 uses NTLMv1 to establish trust relationships and 2008 will only allow NTLMv2 communications. This would make some sense but I've read that people have created trusts in this scenario with success.

    Can anyone help?

    Thanks in advance.

  • #2
    Re: NT4 to 2008 external trusts - Are they possible?

    Hi,

    Have a look at this: http://support.microsoft.com/kb/942564/
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: NT4 to 2008 external trusts - Are they possible?

      Hello,

      I have already enabled teh Allow cryptography algorithms compatible with Windows NT 4.0 setting.

      Comment


      • #4
        Re: NT4 to 2008 external trusts - Are they possible?

        I'm not sure where you problem lies or if I fully understand you. To me it sounds you can connect from the NT4 domain to the 2008 domain, is that correct?
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: NT4 to 2008 external trusts - Are they possible?

          Hiya,

          Yes, i can make a connection from a server in the nt4 domain to a server in the 2008 domain. I can also ping both ways but when i try and set up the trust on the NT4 domain I get an error saying 'a domain controller could not be found' so I'm assuming its somethign to do with the 2008 domain denying communication.

          HYeres the thread I posted on technet: http://social.technet.microsoft.com/...6-272c53a5a703

          Comment


          • #6
            Re: NT4 to 2008 external trusts - Are they possible?

            Sounds like a resolving issue... What SP level had the NT4 box?
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: NT4 to 2008 external trusts - Are they possible?

              Hi. Its currently at SP6. I don't know if this is the high encryption pack or not though. Not sure how I can find out either.

              Comment


              • #8
                Re: NT4 to 2008 external trusts - Are they possible?

                Originally posted by Aeropars View Post
                Hi. Its currently at SP6. I don't know if this is the high encryption pack or not though. Not sure how I can find out either.
                You should have SP6a version on of NT , and with High Security pack (128 bit) .
                I remember that some servers didnt upgrade all of the three DLL files which are needed for high encryption.
                these 3 DLL files that needs to be checked, are
                • SCHANNEL.DLL
                • SECURITY.DLL
                • NTLMSSPS.DLL


                If i remember right the country information needed to be USA to have full 128-bit security, at least EU version had first only 64-bit version.
                We had this issue with NT 4 domain controllers and exchange 5.0 loooong time ago, So this everything is from my faint memory... only the file names are found from some old email.

                Comment


                • #9
                  Re: NT4 to 2008 external trusts - Are they possible?

                  What is you 2008 Domain/Forest Function Level?
                  MCSE 2003; MCTS Vista; Sec+; CCNA
                  Attitude Makes The Difference!
                  in other words you got to WANT to do it..

                  Comment

                  Working...
                  X