Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Event ID: 32772 LsaSrv

Posted on 2007-11-21
7
Medium Priority
?
2,899 Views
Last Modified: 2013-04-09
I have one AD 2003 Forest with two sites. Two DCs in each site. Two-way trust between the sites.
Call them domainA (schema master),  domainB

One the PDC in domain A it logs Event 32772, Source LsaSrv.
"The interdomain trust account for the domain 'domainB' could not be created. The return code is the data".
Data: 0000:c0000063 (word)

The trusts is up and running and seems find. I have read the http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22582245.html and a similar case on Mark Minasis forum, but it don't help me.

Dcdiag looks fine, nltest /query is successfull on each DC.

Problem seems to be that AD don't know the trust account password for the user 'domainB$' located under Users in AD Users and Computers. Should this account be disabled? Anyone know how to reset the password? (with i.e. nltest /reset)


0
Comment
Question by:snusgubben
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 3

Expert Comment

by:callieman
ID: 20327016
0
 
LVL 21

Author Comment

by:snusgubben
ID: 20327071
I have read them but they don't have the solution.

If i run:
"netdom trust domainA /domain:domainB /reset "
the get the following msg: "The specified user already exists".

"netdom trust domainA /domain:domainB /verify"
shows the trust between domainA and domainB is Ok.


"repadmin /showreps" shows that the last attempt replication between all DC was successful.
0
 
LVL 3

Expert Comment

by:callieman
ID: 20327121
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 21

Author Comment

by:snusgubben
ID: 20373271
Hi callieman!

I ran the tool and read all the logs it created. I couldn't find any errors!
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 0 total points
ID: 20401873
I found the solution.

For anyone interested:
One forest, two trees with Tree-root trust.

DC-a: schema master (Tree A, domainA)
DC-b: domain controller in Tree B, domainB
From the schema master:

NETDOM TRUST local_domain /Domain:remote_domain /UserD:administrator /PasswordD:* /UserO:administrator /PasswordO:* /Reset /TwoWay

where "local_domain" is the domain on which the trust is being created and "remote_domain" is the parent, child,
or tree root domain being trusted. In either case, the fully qualified domain name (FQDN) should be used.
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20437867
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question