The article “How Domain Rename Works“ provides an overview on the types of trust relationships. See “Network security and Domain planning” and “How Domains and Forests work” for additional information on trust relationships.
The following are some examples of situations in which this error appeared:
- M207957 – On an NT 4.0 system, the problem will occur if the trust was broken at the accounts domain (trusted), but not the resource domain (trusting). Use the Netdom.exe to check the status of the trust and re-create the trust.
- M243655 and M257646 – In this case the problem appeared because the LMCompatibilityLevel setting is set to 4 on your domain controllers.
- M296403 - The problem occurs because the RestrictAnonymous value is set to level 2 on the Windows 2000 domain controller.
- M899496 – If an Active Directory domain controller cannot resolve the Security Identifier (SID) of a Microsoft Exchange service account that is from a trusted Windows NT domain, this problem will be seen.
M325874 has information on how to establish trusts with a Windows NT-based domain in Windows Server 2003.
As per Microsoft: "Contact your system administrator to reestablish the trust relationship using Windows 2000 Server Manager."
From newsgroup posts results that this error may occur if the process of establishing a trust relationship is not done properly. The suggestion is to recreate the trust. Sometimes, name resolution issue may create a problem. Verify the Wins or LMHOSTS configurations as well as the DNS setttings.
Symbolic code: ERROR_TRUSTED_DOMAIN_FAILURE
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.