error received when migrating trusts: the specified domain does not exist or cannot be contacted. e (NETIQKB5686)

  • 7705686
  • 02-Feb-2007
  • 23-Aug-2007


Domain Migration Administrator 7.1

Error: "The specified domain does not exist or cannot be contacted. error code=1355".

DMA returns the error when migrating trusts.


1. The most likely cause of this error is a name resolution problem. The DMA console is not able to find the PDC of a domain that trusts or is trusted by the source domain using NetBIOS name resolution.  This error is discussed in this Microsoft article: Microsoft Knowledge Base Article - 285800 

2. A second possible cause for this issue is that the account used to logon to the Domain Migration Administrator does not have the correct persmissions. 

3. A third possible cause is that the communication is being filtered by a firewall.


 1. If your DMA console is using WINS to resolve NetBIOS names,  make sure that the DMA console machine is configured to use the correct WINS server, verify that the DMA console has NetBIOS over TCP/IP enabled, and verify that the WINS server has a correct entry for the PDC in the domain that trusts or is trusted by the source domain.

2. The following permission configuration has been found to work well:

Domain A has a 2 way trust with Domain B.  Domain B is the migration source domain, Domain C is the migration target domain.  Domain B has 2 way trust with Domain C.  Domain A has no trusts with Domain C.  You want to use DMA to migrate the trusts that Domain A has with Domain B so that Domain A will have trust relationships with Domain C.

Log in to the DMA console using an account from Domain B that is an Administrator in Domain B.  This user account should also a member of 'Domain C\Administrators' group and 'Domain A\Users' group.

Run the 'Migrate Trusts' wizard.  You will be prompted for the credentials of an account that is an administrator in Domain A.  The wizard will then create the trusts between Domains A and C.

3. Reconfigure any firewalls to allow communication with the source domain.

Additional Information

Formerly known as NETIQKB5686