Microsoft KB Archive/930218

From BetaArchive Wiki
Knowledge Base

Error message when you create the trusted side of a trust between Windows Server 2003-based domains: "The parameter is incorrect"

Article ID: 930218

Article Last Modified on 1/4/2007


  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)


Consider the following scenario. You have two Windows Server 2003-based domains. The domains reside in two separate forests together with other domains. You want to create a trust between these two domains. However, when you try to create the trusted side of this trust, you receive the following error message:

The parameter is incorrect

This problem occurs when you use either the New Trust Wizard or a netdom trust command to create the trust.


Before the Local Security Authority (LSA) creates the trust, the LSA verifies the consistency of the parameters. Between the new trust partner and all other domains that are in the same forest as the trust partner, the following items must be unique:

  • The NetBIOS name of the domain
  • The fully qualified domain name (FQDN) of the domain
  • The security identifier (SID) of the domain

You cannot create the trust if one of the three items has duplicates.


If the names of two domains collide, you can rename one of the domains. If the SIDs of the domains are duplicate, you have to remove one of the domains. Typically, this situation occurs when one of the following scenarios exists:

  • One domain was cloned from the other domain.
  • Before a computer became the first domain controller in either of the two domains, you clone this computer without using the SYSPREP tool.

Alternatively, you can migrate one of the domains to a new domain. However, you cannot migrate a domain to a new SID by using the sIDHistory property. Even if you successfully create a trust after you migrate one of the domain SIDs, you still have duplicate SIDs in user access tokens. Then, users who have duplicate SIDs can access resources that they should be unable to access.


For more information about the netdom trust command, visit the following Microsoft Web site:

For more information about the sIDHistory property and migration, click the following article number to view the article in the Microsoft Knowledge Base:

322970 How to troubleshoot inter-forest sIDHistory migration with ADMTv2

Keywords: kberrmsg kbtshoot kbexpertiseinter kbprb KB930218