Solved

Event ID: 32772 LsaSrv

Posted on 2007-11-21
7
2,839 Views
Last Modified: 2013-04-09
I have one AD 2003 Forest with two sites. Two DCs in each site. Two-way trust between the sites.
Call them domainA (schema master),  domainB

One the PDC in domain A it logs Event 32772, Source LsaSrv.
"The interdomain trust account for the domain 'domainB' could not be created. The return code is the data".
Data: 0000:c0000063 (word)

The trusts is up and running and seems find. I have read the http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22582245.html and a similar case on Mark Minasis forum, but it don't help me.

Dcdiag looks fine, nltest /query is successfull on each DC.

Problem seems to be that AD don't know the trust account password for the user 'domainB$' located under Users in AD Users and Computers. Should this account be disabled? Anyone know how to reset the password? (with i.e. nltest /reset)


0
Comment
Question by:snusgubben
  • 3
  • 2
7 Comments
 
LVL 3

Expert Comment

by:callieman
ID: 20327016
0
 
LVL 21

Author Comment

by:snusgubben
ID: 20327071
I have read them but they don't have the solution.

If i run:
"netdom trust domainA /domain:domainB /reset "
the get the following msg: "The specified user already exists".

"netdom trust domainA /domain:domainB /verify"
shows the trust between domainA and domainB is Ok.


"repadmin /showreps" shows that the last attempt replication between all DC was successful.
0
 
LVL 3

Expert Comment

by:callieman
ID: 20327121
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 21

Author Comment

by:snusgubben
ID: 20373271
Hi callieman!

I ran the tool and read all the logs it created. I couldn't find any errors!
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 0 total points
ID: 20401873
I found the solution.

For anyone interested:
One forest, two trees with Tree-root trust.

DC-a: schema master (Tree A, domainA)
DC-b: domain controller in Tree B, domainB
From the schema master:

NETDOM TRUST local_domain /Domain:remote_domain /UserD:administrator /PasswordD:* /UserO:administrator /PasswordO:* /Reset /TwoWay

where "local_domain" is the domain on which the trust is being created and "remote_domain" is the parent, child,
or tree root domain being trusted. In either case, the fully qualified domain name (FQDN) should be used.
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20437867
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question