event id 40960 lsasrv when creating forest trusts relationships

Hi!

I was at a costumer who needed to have a bi-directional Trust relationships with diferent forests. One forest 2008 R2 and other 2003.

Every forest had one DC with the same netbios name and I created the Trust relationships fine but when I click on Verify an alert appeared saying that “The secure channel (SC) verification on domain controller \\SRVAAAAA of domain AAAAA.local to domain BBBBB.local failed with error: Access is denied.”

The event viewer show the warning event id 40960 lsasrv

The Security System detected an authentication error for the server <service>/<server name>. The failure code from authentication protocol Kerberos was “<error description> (<error code>)”.

The solution for me was to rename one of the Dcs.

Here you can find more info about the problem:

http://technet.microsoft.com/en-us/library/cc784334.aspx

http://blogs.technet.com/b/askds/archive/2009/04/10/name-suffix-routing.aspx

Regards!

Anuncios