Windows 2000-Based Remote Access Server in a Windows NT 4.0-Based Domain Cannot Authenticate Users from Trusted Windows 2000-Based Domain (254155)


The information in this article applies to:

  • Microsoft Windows 2000 Server
This article was previously published under Q254155

SYMPTOMS

When you set up a Microsoft Windows 2000-based computer to be a remote access server in a Microsoft Windows NT 4.0-based domain, the Windows 2000-based remote access server cannot authenticate users who are members of another Windows 2000-based domain, even when a trust relationship has been established between the Windows NT 4.0-based domain and the Windows 2000-based domain.

RESOLUTION

To work around this behavior, use one of the following methods:

  • Move the Windows 2000-based remote access server from the Windows NT 4.0-based domain to the Windows 2000-based domain. This configuration enables the remote access server to query either the Windows 2000 Active Directory or a trusted Windows NT 4.0-based domain.

    OR

  • Set up an Internet Authentication Service (IAS) authentication server as a member of the Windows 2000-based domain. Remote access authentication requests against this server can successfully query either the Windows 2000-based domain or a trusted Windows NT 4.0-based domain.
Modification Type:MajorLast Reviewed:10/11/2002
Keywords:kbprb KB254155
©2002 Microsoft Corporation. All rights reserved.