[Samba] Trust creation - ERROR: LOCAL_DC: CreateTrustedDomainEx2 - ERROR(0xC00000E0) - The specified domain already exists.

Emilian Mitocariu mitocariu.emilian at gmail.com
Wed Nov 17 11:54:51 UTC 2021


Hi,

I'm trying to create a trust between a Samba and a Windows AD. The Samba
DCs (samba.local) are running on Ubuntu 20.04 with Samba 4.12.5 from the
apt.van-belle.nl repo and a BIND9 DNS backend (which forwards to the other
domain's DCs). The Windows DCs (win.local) are running on Windows Server 2019
and I've created a conditional forwarder for the other domain. I've checked
and all DCs are able to resolve both domains.

When I try to create the trust from one of the samba DCs it seems to be
able to create the trust on the win.local part, but fails to create the
local part, claiming the domain already exists. This is the command I used
and its output:

# samba-tool domain trust create win.local -k no -U WIN\\admin.user --type=external
LocalDomain Netbios[SAMBA] DNS[samba.local] SID[S-1-5-21-998273489-1452201721-1145077863]
RemoteDC Netbios[WIN-DC7] DNS[win-dc7.win.local] ServerType[PDC,GC,LDAP,DS,KDC,TIMESERV,CLOSEST,WRITABLE,FULL_SECRET_DOMAIN_6,ADS_WEB_SERVICE,DS_8,__unknown_00038000__]
Password for [WIN\admin.user]:
RemoteDomain Netbios[WIN] DNS[win.local] SID[S-1-5-21-2079746133-3759279922-2197938680]
Creating remote TDO.
Remote TDO created.
Setting supported encryption types on remote TDO.
Creating local TDO.
Error: CreateTrustedDomainEx2 failed locally - cleaning up
Deleting remote TDO.
ERROR: LOCAL_DC[SAMBA-DC3]: CreateTrustedDomainEx2 - ERROR(0xC00000E0) - The specified domain already exists.

"samba-tool domain trust list" shows nothing and "samba-tool dns zonelist"
does not include win.local, only samba.local. I've also tried to enable
debug level on the command from 1 up to 10, but I didn't see anything of
help.

Any idea what could be the actual problem and what I can do?

