Microsoft KB Archive/329870

= &quot;Account Not Authorized to Log In from This Station&quot; Error Message When You Try to Create a Trust Between Windows NT and Windows 2000 Domains =

Article ID: 329870

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server

-



This article was previously published under Q329870



SYMPTOMS
When you try to create or delete a trust between a Microsoft Windows NT domain and a Windows 2000 domain, also known as a down-level trust, you may receive the following error message:

The account is not authorized to log in from this station.

Existing down-level trusts may also not authenticate users from the trusted domain. Some users may have difficulty logging on to the domain and they may receive an error message that states that the client cannot find the domain.



CAUSE
This issue may occur if the Windows 2000 domain controller has a local computer policy that is configured to require secure channel communications. Windows NT does not support digitally-signed or encrypted secure channel communications. Therefore this policy is not valid in your mixed environment.



RESOLUTION
To resolve this issue, turn off this security policy on the Windows 2000 domain controller. To do this, follow these steps:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
 * 2) In the left pane, click Local Policies, and then in the right pane, double-click Security Options.
 * 3) In the right pane, double-click Secure channel: Digitally encrypt or sign secure channel data (always).
 * 4) In the Local Security Policy Setting dialog box, click Disabled, and then click OK.

Note: You can also turn off the security policy by using Group Policy Objects (GPO). For additional information about how to configure GPO, click the following article number to view the article in the Microsoft Knowledge Base:

322143 HOW TO: Administer GPOs in Windows 2000

Keywords: kberrmsg kbprb KB329870

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.