Event ID: 32772 LsaSrv

I have one AD 2003 Forest with two sites. Two DCs in each site. Two-way trust between the sites.
Call them domainA (schema master),  domainB

One the PDC in domain A it logs Event 32772, Source LsaSrv.
"The interdomain trust account for the domain 'domainB' could not be created. The return code is the data".
Data: 0000:c0000063 (word)

The trusts is up and running and seems find. I have read the http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22582245.html and a similar case on Mark Minasis forum, but it don't help me.

Dcdiag looks fine, nltest /query is successfull on each DC.

Problem seems to be that AD don't know the trust account password for the user 'domainB$' located under Users in AD Users and Computers. Should this account be disabled? Anyone know how to reset the password? (with i.e. nltest /reset)


LVL 21
snusgubbenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

calliemanCommented:
0
snusgubbenAuthor Commented:
I have read them but they don't have the solution.

If i run:
"netdom trust domainA /domain:domainB /reset "
the get the following msg: "The specified user already exists".

"netdom trust domainA /domain:domainB /verify"
shows the trust between domainA and domainB is Ok.


"repadmin /showreps" shows that the last attempt replication between all DC was successful.
0
calliemanCommented:
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

snusgubbenAuthor Commented:
Hi callieman!

I ran the tool and read all the logs it created. I couldn't find any errors!
0
snusgubbenAuthor Commented:
I found the solution.

For anyone interested:
One forest, two trees with Tree-root trust.

DC-a: schema master (Tree A, domainA)
DC-b: domain controller in Tree B, domainB
From the schema master:

NETDOM TRUST local_domain /Domain:remote_domain /UserD:administrator /PasswordD:* /UserO:administrator /PasswordO:* /Reset /TwoWay

where "local_domain" is the domain on which the trust is being created and "remote_domain" is the parent, child,
or tree root domain being trusted. In either case, the fully qualified domain name (FQDN) should be used.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
modus_operandiCommented:
Closed, 500 points refunded.
modus_operandi
EE Moderator
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.