Event ID: 32772 LsaSrv

I have one AD 2003 Forest with two sites. Two DCs in each site. Two-way trust between the sites.
Call them domainA (schema master),  domainB

One the PDC in domain A it logs Event 32772, Source LsaSrv.
"The interdomain trust account for the domain 'domainB' could not be created. The return code is the data".
Data: 0000:c0000063 (word)

The trusts is up and running and seems find. I have read the http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22582245.html and a similar case on Mark Minasis forum, but it don't help me.

Dcdiag looks fine, nltest /query is successfull on each DC.

Problem seems to be that AD don't know the trust account password for the user 'domainB$' located under Users in AD Users and Computers. Should this account be disabled? Anyone know how to reset the password? (with i.e. nltest /reset)


LVL 21
snusgubbenAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
snusgubbenConnect With a Mentor Author Commented:
I found the solution.

For anyone interested:
One forest, two trees with Tree-root trust.

DC-a: schema master (Tree A, domainA)
DC-b: domain controller in Tree B, domainB
From the schema master:

NETDOM TRUST local_domain /Domain:remote_domain /UserD:administrator /PasswordD:* /UserO:administrator /PasswordO:* /Reset /TwoWay

where "local_domain" is the domain on which the trust is being created and "remote_domain" is the parent, child,
or tree root domain being trusted. In either case, the fully qualified domain name (FQDN) should be used.
0
 
calliemanCommented:
0
 
snusgubbenAuthor Commented:
I have read them but they don't have the solution.

If i run:
"netdom trust domainA /domain:domainB /reset "
the get the following msg: "The specified user already exists".

"netdom trust domainA /domain:domainB /verify"
shows the trust between domainA and domainB is Ok.


"repadmin /showreps" shows that the last attempt replication between all DC was successful.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
calliemanCommented:
0
 
snusgubbenAuthor Commented:
Hi callieman!

I ran the tool and read all the logs it created. I couldn't find any errors!
0
 
modus_operandiCommented:
Closed, 500 points refunded.
modus_operandi
EE Moderator
0
All Courses

From novice to tech pro — start learning today.