Event ID 22 — Active Directory Domain Services Trust Configuration

Applies To: Windows Server 2008

Active Directory Domain Services (AD DS) trusts are used to establish trust relationships between different Kerberos realms so that Kerberos clients can access resources.

Event Details

Product: Windows Operating System
ID: 22
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Version: 6.0
Symbolic Name: KDCEVENT_TRUST_LOOP
Message: The KDC encountered a trust loop when building a list of trusted domains. This indicates that the route to the domain %1 from this KDC has more than one possible trust path.

Resolve

Remove the duplicate trust

To perform these procedures, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

Note: The domain that has a duplicate trust associated with it is identified in the event log message.

To remove the duplicate trust by using Active Directory Domains and Trusts:

  1. Log on to a computer that has Active Directory Domains and Trusts installed. It is installed by default on a domain controller.
  2. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
  3. In the console tree, right-click the domain that contains the trust that you want to remove, and then click Properties.
  4. Click the Trusts tab.
  5. Click the trust to be removed, and then click Remove.
  6. Click Yes to remove the trust from both the local domain and the other domain.
  7. Provide administrative credentials for the reciprocal domain, and then click OK.

Verify

To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

To verify the trust relationship by using Active Directory Domains and Trusts:

  1. Log on to a computer that has Active Directory Domains and Trusts installed. It is installed by default on a domain controller.
  2. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
  3. In the console tree, right-click the domain that contains the trust you want to verify, and then click Properties.
  4. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then click Properties.
  5. Click Validate.
  6. Click Yes, validate the incoming trust, and then click OK.

Active Directory Domain Services Trust Configuration

Core Security