JSI Tip 6064. 'The account is not authorized to log in from this station' when creating a trust between Windows NT and Windows 2000 domains?

When you attempt to create (or delete) a trust between a Windows NT and Windows 2000 domain (AKA down-level trust), you receive:

The account is not authorized to log in from this station.

NOTE: Existing down-level trusts may not authenticate users from the trusted domain. Some users receive a message indicating that the client cannot find the domain.

If the Windows 2000 domain controller has enabled the Secure channel: Digitally encrypt or sign secure channel data (always) local policy, this error will occur because Windows NT does NOT support this secure channel communications.

To turn off the policy:

1. Open Local Security Policy in the Administrative Tools folder.

2. Navigate through Local Policies / Security Options.

3. Double-click Secure channel: Digitally encrypt or sign secure channel data (always) and set it to Disabled.

4. Press OK.

NOTE: Alternately, see How do I administer Group Policy objects (GPOs) in a Windows 2000?



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish