The trust relationship cannot be modified. This could be caused by network problem or the objects that represent the trust relationship have become damaged. If the later, then the trust must be removed and recreated.
LsaCreateTrustedDomainEx on trusted_domain for trusting_domain failed with 0xc0000035
The command failed : err 0xc0000035
- You use a Windows 2000 domain that acts as the account domain, which is named "AccountDom."
- You use two other Windows NT 4.0 domains that act as resources domains, which are named "ResourceDom1" and "ResourceDom2."
- The domain controller sends name queries about Trusting_domain_1c.
The domain controller eventually sends name queries about Trusting_domain_1b).
- The domain controller sends the security account manager (SAM) logon request
- The domain controller sends a query for the primary domain controller (PDC).
- The domain controller establishes a Server Message Block Protocol (SMB) session to IPC$ of one domain controller from the trusting domain.
If this procedure fails, the domain controller establishes an SMB session without using credentials (it establishes an anonymous connection).
- The domain controller creates a \LSARPC pipe.
- The following data describes the Microsoft Remote Procedure Call (RPC) traffic that is related to LSA:
NOTE: The preceding call occurs twice if the return code is 0x1c010002.
Bind to UUID12345678-1234-ABCD-EF00-0123456789AB (is related to LSARPC)
Calls Lsarpc:LsarOpenPolicy2 (Opnum : 0x2C)
Calls Lsarpc: LsarQueryInformationPolicy2 (OpNum : 0x2E)
NOTE: This preceding call allows you to retrieve the name and SID of the system's primary domain.
Calls Lsarpc:LsarQueryInformationPolicy (Opnum : 0x7)
- The domain controller logs off the SMB session, and then disconnects.
A Windows trusting domain cannot use this trust. The network trace lists the trusting domain SID. Use the following command line to retrieve the SIDs for all the domains for which a given domain has trusts:
ID do Artigo: 311242 - Última Revisão: 1 de mar de 2007 - Revisão: 1