Announcement

Collapse
No announcement yet.

The workstation trust relationship

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The workstation trust relationship

    Hello Team,

    I have a been search around, but I havent be able to fine the answer Im looking for...

    I have a multiple computers that having issue with "
    The trust relationship between this workstation and primary domain failed"

    Here is a little background..
    I have multiple sites, each site has it's own DC. They all replicate to my corporate DC via IP over VPN.
    Have mix environment win2k3 and win2k8..


    Some of this users who are having this issue have been upgrade with new computers 6,3,2 months ago.



    now suddenly they having trust relationship issue.


    I have been rejoin them back to the domain one by one and it's working fine.. but I dont think the way I'm doing is the right way to do it.


    I wonder if there is another solution to this.


    thanks,
    HN
    Last edited by L4ndy; 10th February 2012, 16:49.

  • #2
    Re: The workstation trust relationship

    Hi,
    I had to change the thread title slightly so it doesn't get confused with domain trust relationships.
    Quick question,
    How are these machines joined to the domain in the first instance,
    Is the process automated somehow?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: The workstation trust relationship

      We join them manually. our domain admin input credential manually.

      I think one of the problem is might be the replication issue. since I have so many domain in my environment.

      I just wonder if there is any way to fix this trusted relat. issue globally, like if I defrag AD db would that help? etc...

      thanks,
      HN

      Originally posted by L4ndy View Post
      Hi,
      I had to change the thread title slightly so it doesn't get confused with domain trust relationships.
      Quick question,
      How are these machines joined to the domain in the first instance,
      Is the process automated somehow?

      Comment


      • #4
        Re: The workstation trust relationship

        Just as a note as a common problem that affects this....

        If users invoke a "system restore" and restore to a point older than the last time the computer updated its machine account with the domain, the trust that the computer has with the AD computer object will no longer be in sync. Check with your users to make sure this isnt the cause of the issue.
        JM @ IT Training & Consulting
        http://www.itgeared.com

        Comment


        • #5
          Re: The workstation trust relationship

          We have had that problem on several occasions. Usually the PC joins the domain using one DC as the logonserver then after the forced reboot it tried to use a different DC as a logonserver. We have to search for the PC on the other DC's then replicate from the branch DC to the Central Office DC then from the Central Office to all of the branches. And that usually clears up the problem.

          Comment


          • #6
            Re: The workstation trust relationship

            What does DCDIAG and NETDIAG produce???

            Are all your DC's GC's???

            Comment


            • #7
              Re: The workstation trust relationship

              Originally posted by wullieb1 View Post
              What does DCDIAG and NETDIAG produce???

              Are all your DC's GC's???
              Yes each branch DC is GC.

              Comment


              • #8
                Re: The workstation trust relationship

                I've ran into this stupid problem 10 or so times in the last year or so.

                there was an option somewhere in ad u&c to 'allow trust', but it never worked.

                I just backed up the user account, and readded to domain.

                so stupid.

                Comment


                • #9
                  Re: The workstation trust relationship

                  When you join a new pc to AD is better to use a normal user,
                  If you use a Domain Admin user and another pc with the sam name exist in AD, it will replace the old trust with the new pc and on the old pc you will have this problem.

                  Comment


                  • #10
                    Re: The workstation trust relationship

                    Just remember that, unless changed, a normal user can only join up to 10 PCs to the domain.

                    One hopes a Domain Admin will spot the message "a computer account has been found" and not just go ahead and join a machine with an existing name unless they mean to!
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **

                    Comment

                    Working...
                    X