Unable to establish trust or Browse Failure
When I try to establish a trust or schedule a backup for a Windows 2012 Core Installation Domain Controller I get this error:
Failed to browse...
Failed to log on to Microsoft Windows.
Ensure that your logon credentials are entered and that they meet the following minimum requirements to log on to a Windows computer:
-The credentials used are a member of the Backup Operators group.
-For Windows Vista/2008 and later, the credentials hav ethe Log on as a batch job privilege.
Additional privileges may be required to access resources on the Windows computer.
I am running Backup Exec 2012 with Service Pack 2 on Windows Server 2008 R2 Std 64bit
My BE service account is
- A Domain Admin
- In the Backup Operators security group
- In the Exchange Organization Administrators security group
- Set explicitly as local admin, run as batch, and run as service
- Is NOT in the Domain Users group
I am backing up Windows 2003, 2008, and 2012 platforms successfully with this service account.
I am also backing up Windows 2012 Core File Server installations successfully with this service account.
There are 4 DCs running Core Installations that have this issue:
- When adding the DCs to BE it connected and installed with no issues.
- The services are present and running on the DCs.
- There are no event logs on the DCs or the BE Server referencing these attempts.
- Remote Desktop is enabled
- Firewall is turned off
- These attempts do not lock out the account
All responses are greatly appreciated :)
After calling Symantec Tech Support & jumping through lots of Change Management hoops I modified the "Default Domain Controllers Policy" GPO -
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies/User Rights Assignment
I added my BE Account to:
- Act as a part of Operating System ( Only for Windows Server 2000 ).
- Create a token object.
- Log on as a service.
- Logon as a batch job.
- Manage auditing and security log.
- Backup files and directories.
- Restore files and directories.
Doing all this locally on the problem servers did nothing, but applying the GPO worked.