Solved

Event ID: 32772 LsaSrv

Posted on 2007-11-21
7
2,809 Views
Last Modified: 2013-04-09
I have one AD 2003 Forest with two sites. Two DCs in each site. Two-way trust between the sites.
Call them domainA (schema master),  domainB

One the PDC in domain A it logs Event 32772, Source LsaSrv.
"The interdomain trust account for the domain 'domainB' could not be created. The return code is the data".
Data: 0000:c0000063 (word)

The trusts is up and running and seems find. I have read the http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22582245.html and a similar case on Mark Minasis forum, but it don't help me.

Dcdiag looks fine, nltest /query is successfull on each DC.

Problem seems to be that AD don't know the trust account password for the user 'domainB$' located under Users in AD Users and Computers. Should this account be disabled? Anyone know how to reset the password? (with i.e. nltest /reset)


0
Comment
Question by:snusgubben
  • 3
  • 2
7 Comments
 
LVL 3

Expert Comment

by:callieman
Comment Utility
0
 
LVL 21

Author Comment

by:snusgubben
Comment Utility
I have read them but they don't have the solution.

If i run:
"netdom trust domainA /domain:domainB /reset "
the get the following msg: "The specified user already exists".

"netdom trust domainA /domain:domainB /verify"
shows the trust between domainA and domainB is Ok.


"repadmin /showreps" shows that the last attempt replication between all DC was successful.
0
 
LVL 3

Expert Comment

by:callieman
Comment Utility
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 21

Author Comment

by:snusgubben
Comment Utility
Hi callieman!

I ran the tool and read all the logs it created. I couldn't find any errors!
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 0 total points
Comment Utility
I found the solution.

For anyone interested:
One forest, two trees with Tree-root trust.

DC-a: schema master (Tree A, domainA)
DC-b: domain controller in Tree B, domainB
From the schema master:

NETDOM TRUST local_domain /Domain:remote_domain /UserD:administrator /PasswordD:* /UserO:administrator /PasswordO:* /Reset /TwoWay

where "local_domain" is the domain on which the trust is being created and "remote_domain" is the parent, child,
or tree root domain being trusted. In either case, the fully qualified domain name (FQDN) should be used.
0
 
LVL 1

Expert Comment

by:modus_operandi
Comment Utility
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now