
LsaLookupNames2 error when creating new SymantecDLP service user, on a new Enforce 15.1 install

Article ID: 172382

Products

Data Loss Prevention Enforce

Issue/Introduction

When installing Enforce via the 15.1 MSI from the command line, the wizard fails at the point of creating a new service account for Enforce, which is called "SymantecDLP" by default. The following error is displayed:

Error calling LsaLookupNames2: The trust relationship between the primary domain and the trusted domain failed. (HRESULT: 0x6fc)

Cause

The cause is not completely known, but there are indications from a customer environment that a Domain Controller was recently deleted while still remaining listed in the Active Directory forest.

For additional details on this issue, this Microsoft TechNet thread may prove useful:

https://social.technet.microsoft.com/Forums/en-US/4d916b60-f182-4406-af95-971de98d3a94/the-trust-relationship-between-the-primary-domain-and-the-trusted-domain-failed?forum=winservergen

Environment

15.1 clean install (not upgrade). The Username and Password have been entered for the Service User, and the "Next" button has been clicked, at the "Create a New Service User" step.

Resolution

If the customer cannot confirm the above solution in their Active Directory environment, try creating the DLP Enforce Service User before starting the 15.1 installation, making sure it has been granted the "Logon As A Service" right. Then choose the "Existing User" option when the wizard prompts for the Service User.
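
One way to carry out this workaround from an elevated PowerShell session on the Enforce server. This is an added example, not code from the vendor or the installer. It assumes a local account is acceptable, Windows PowerShell 5.1 is available, and the default account name "SymantecDLP" is used; the temporary file names are arbitrary.

```powershell
# Added example, not vendor code. Run elevated on the Enforce server.
# Assumptions: local account, Windows PowerShell 5.1, default name from the article.
$UserName = 'SymantecDLP'

# 1. Create the local account if it does not already exist.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -AsSecureString "Password for $UserName"
    New-LocalUser -Name $UserName -Password $Password -PasswordNeverExpires `
        -Description 'DLP Enforce service user' | Out-Null
}
$Entry = '*' + (Get-LocalUser -Name $UserName).SID.Value   # secedit SID notation

# 2. Export the current user-rights assignments.
$Cfg = Join-Path $env:TEMP 'dlp-user-rights.inf'
$Db  = Join-Path $env:TEMP 'dlp-user-rights.sdb'
secedit /export /cfg $Cfg /areas USER_RIGHTS | Out-Null

# 3. Append the SID to SeServiceLogonRight, keeping the existing holders.
$Found = $false
$NewLines = foreach ($Line in Get-Content -Path $Cfg) {
    if ($Line -match '^SeServiceLogonRight\s*=\s*(.*)$') {
        $Found = $true
        $Holders = @($Matches[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($Holders -notcontains $Entry) { $Holders += $Entry }
        'SeServiceLogonRight = ' + ($Holders -join ',')
    } else {
        $Line
    }
}
if (-not $Found) {
    # Right not assigned to anyone yet: add it directly under the section header.
    $NewLines = $NewLines | ForEach-Object {
        $_
        if ($_ -eq '[Privilege Rights]') { "SeServiceLogonRight = $Entry" }
    }
}

# 4. Apply only the user-rights area, then clean up the temporary files.
Set-Content -Path $Cfg -Value $NewLines -Encoding Unicode
secedit /configure /db $Db /cfg $Cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed with exit code $LASTEXITCODE" }
Remove-Item -Path $Cfg, $Db -ErrorAction SilentlyContinue
```

If a domain Group Policy defines "Log on as a service", it replaces the local assignment at the next policy refresh, so in that case add the account to the right in that GPO instead.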
