Reset machine account password - Certificate Services

  • Last Post 31 March 2016
adwulf posted this 19 March 2008

Dear all,

I have a 2K3 DC with lsasrv ID:32772 errors every 10 minutes, which
look a little like this:

The interdomain trust account for the domain europe.dom1.local could
not be created. The return code is in the data.

The data is: c00000063

The events are logged for both the domain which the DC serves, and the
forest root domain. Other domains in the forest don't get a mention.

Dcdiag /v shows one failure:

* Security Permissions Check for
[LTNDC04] LDAP bind failed with error 1323,
Win32 Error 1323.

From searching about, it seems I need to do something along the lines
of what's described at:
"How to use netdom to reset the machine account password of a 2003
Domain Controller".

- This DC has the Certification Authority Service running on it - so
my question is:

Will resetting the machine account password cause issues with certification?


I'm the least you could do.


ken posted this 31 March 2016

Is the existing CA AD-integrated, or standalone?

How many certs have been issued?


If the answer to the last question is little or none (given it’s an SBS environment), it might just be easier to reissue all the certs from a new CA. Optionally remove the previously issued certs and/or CA cert from clients, depending on what they are for. The main wrinkle I can think of is certs issued for EFS purposes – depending on how that’s been set up, you want to ensure you still have a valid DRA.


If the answer is “a huge number”, then we need to look at migration approaches.