cancel
Showing results for 
Search instead for 
Did you mean: 

BE2014 backup 2008R2 AD server - can't establish trust

Luke_Cassar
Level 5

Hi,

I have been running BE2014 for a while now and we recently upgraded our 2003AD to a 2008AD server (the old machine was retired and the new machine has taken over).

I have deployed the remote agent for Windows onto the 2008 AD server, but it cannot establish a connection or trust relationship. The error returned is:

Unable to establish trust with ADSERVER

Failed to log on to Microsoft Windows.
Ensure that your logon credentials are correctly entered and that they meet the following minimum requirements to log on to a Windows computer:

   - The credentials used are a member of the Backup Operators group.
   - For Windows Vista/2008 and later, the credentials have the Log on as a batch job privilege.
Additional privileges may be required to access resources on the Windows computer.

Calling Method 'SetServerTrust'
BEMSDK Method 'MediaServerAdvertisementUpdate'
BEMSDK Failure Code: E0000383

I created a BackupExec service account which is a domain admin, etc. This account was used to backup the old AD server.

As this machine is an AD server, I cannot grant this account log on as a batch job.

Does anyone know what I can do to get this working so I can backup the AD?

Thanks!

3 REPLIES 3

CraigV
Moderator
Moderator
Partner    VIP    Accredited

Uninstall the RAWS agent and then push-install it from the media server to re-establish the trust.

 

Thanks!

Thanks.. is that likely to require a reboot of the sever?

Update: It didn't require a reboot, but the server still reports the same error message when trying to establish the trust.

In the end, it worked with the domain administrator account.. I don't really want to use this account though.. what is missing from my service account I wonder? It is a member of Administrators, Backup Operators, Domain Admins, Domain Users and Exchange Organization Administrators.

Do you know what is missing?

Thanks!!

CraigV
Moderator
Moderator
Partner    VIP    Accredited
On the account you wanted to use, remove it from the Backup Operators and Domain Users and try again...it might be some permissions issue where those 2 groups are applying restricted settings.