Hi guys,

Im trying to create trust relationship between two forests in virtual environment using windows 2008 R2 as follow :

-trust type : forest trust

-direction of the trust : two way forest trust

-side of trust : both this domain and the specified domain

-outgoing trust authentication level local forest : forest-wide authentication

-outgoing trust authentication level specified  forest : forest-wide authentication

  but I get error message in the end of create trust wizard :

the error is : The source objects SID already exist in the destination forest

.Both DNS servers in each forest configured with stub zone for each other

.Domain and forest functional level for both forests are :windows server 2008

. There wasnt any error in the local forest , but the remote forests DC has the following security events :

-          4776 : failure

-          4625: failure

Both servers were cloned in workgroup before prompted to a DC in each forest .

Any help and suggestions are appreciated , thanks in advance :)

Hello,

working with cloned machines is only recommended when using sysprep, so was this done?

See here about cloning and what may happen http://support.microsoft.com/kb/283833

Hi Meinolf ,

unfortunately No , is there a work around instead of wipe everything and start over ?

thanks ,

Hello,

I suggest to run sysprep on the machines, unfortunate there are some limitations, DCs are NOT supported http://technet.microsoft.com/en-us/library/cc722158(v=ws.10).aspx http://support.microsoft.com/kb/828287?wa=wsignin1.0 http://support.microsoft.com/kb/314828

In your case I see no other way around then demoting, running sysprep and then promote again. I am not sure if adding a clean DC, demoting the cloned ones may help here to keep at least the AD informations.