The trust between the workstation and the domain cannot be established

  • The trust between the workstation and the domain cannot be established

    Hi guys, thanks a lot for your help; your help is appreciated. I have a weird trust situation where Windows 7 PCs are most often losing or dropping out of the domain, and when I rejoin them by first going to a workgroup and back to the domain, then in a few weeks it happens again. Please, does anybody have a clue about what might be causing this on our domain/DNS? Also, sometimes I cannot log in with the server name through RDP to a remote server unless I use the IP address. Any help or advice will be highly appreciated. Thank you very much.
    Last edited by techcreeb; 30th April 2016, 08:35.

  • #2
    Check the clocks vs the PDC Emulator role - if they are more than (default of) 5 mins out of sync, you will get this - note the allowable value can be changed through a GPO so yours may be different
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Thanks a lot. You mean the Windows system clock, and I believe you mean the DC as PDC emu.


      • #4
        Hi Ossian, I checked the PDC against the system clock and the clock is OK. Please, do you know something else I can check? Thanks.


        • #5
          OK, so to confirm, the clocks on the Win7 boxes are within 5 minutes (or your actual figure) of the clock on the Domain Controller holding the PDC Emulator FSMO.

          If not that, could there be another DC that is not in sync with the remainder of the DCs?
          Tom Jones


          • #6
            You could be correct on the workstations, as I could not check the time on the workstation until Monday. But our DCs are in sync with time, and as soon as I verify the workstation I will let you know. Thanks for your help.


            • #7
              There are also various methods of re-joining. You can 'reset' the computer account; remove the client from the domain, reset, then rejoin; or delete the account after removing the PC from the domain so that a new computer account is created when you 'cleanly' add the PC to the domain. I'd research this properly, as I've seen various opinions about which is best.
              A recent poll suggests that 6 out of 7 dwarfs are not happy


              • #8
                You can use the cmd-line tool 'netdom' to reset the computer's password on the domain, without having to go through the delay of the divorce-then-rejoin multiple reboot sequence. The only gotcha is that 'netdom' isn't included in Win7 by default, but it's easy to put there. Netdom is installed on Server 2008 (& R2), so it could be copied from inside any server on your system at that level. I've used this on servers and clients with equal success. You'll need to copy 2 files from a server to the same folder names on a client: 'netdom.exe' from c:\windows\system32 and 'netdom.exe.mui' from c:\windows\system32\en-us.

                For the use/syntax of the command itself, have a read at: "http://ss64.com/nt/netdom-resetpwd.html". I tried several times to post the exact steps but the forum inspection engine kept blocking me. Just be sure your cmd prompt is running at the elevated (run as administrator) level. When you get the 'success' message, restart the client just this once.

                PCs don't normally just 'lose' the trust with their domain, unless the domain is sick. If you need to keep things limping along until you figure out what's up with AD and your DNS services, you could copy the 2 needed files to the correct directories on all the clients, so it can be run on them at any time. But by all means, you need to diagnose your domain issues.
                *RicklesP*
                MSCA (2003/XP), Security+, CCNA

                ** Remember: credit where credit is due, and reputation points as appropriate **
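
The checks suggested in this thread (clock offset against the PDC Emulator and every other DC, then the state of the machine's secure channel), gathered into one PowerShell script as an added example that is not from any poster in the thread. It assumes an elevated prompt on the affected client, English `w32tm` output and the default 300-second tolerance; `Get-ClockOffsetSeconds` is a hypothetical helper name and the values in `<>` are placeholders.

```powershell
# Added example: run in an elevated PowerShell prompt on the affected client.
$MaxSkewSeconds = 300   # assumed default tolerance (5 minutes); a GPO may set another value

function Get-ClockOffsetSeconds([string]$Server) {   # hypothetical helper name
    # One w32tm sample; data lines look like "08:35:00, +00.0012345s"
    $lines = & w32tm /stripchart /computer:$Server /samples:1 /dataonly 2>&1
    foreach ($line in $lines) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s') {
            return [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
        }
    }
    return $null   # no sample: DC unreachable or time service not answering
}

try {
    # Domain of the computer account, its DCs, and the PDC Emulator role holder
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
} catch {
    Write-Warning "Domain lookup failed: $($_.Exception.Message)"
    return
}
$pdc = $domain.PdcRoleOwner.Name

# Offset of this client against every DC, so one drifting DC stands out
$report = foreach ($dc in $domain.DomainControllers) {
    $offset = Get-ClockOffsetSeconds $dc.Name
    New-Object PSObject -Property @{
        DC            = $dc.Name
        PdcEmulator   = ($dc.Name -eq $pdc)
        OffsetSeconds = $offset
        WithinSkew    = ($offset -ne $null) -and ([math]::Abs($offset) -le $MaxSkewSeconds)
    }
}
$report | Format-Table DC, PdcEmulator, OffsetSeconds, WithinSkew -AutoSize

# Secure channel (machine account password) check; returns $true or $false
if (Test-ComputerSecureChannel) {
    Write-Output "Secure channel to $($domain.Name) is healthy."
} else {
    Write-Warning "Secure channel is broken. If the clocks above are within tolerance, reset it:"
    # Placeholders in <>; /passwordd:* prompts for the password instead of echoing it
    Write-Output "netdom resetpwd /server:$pdc /userd:<DOMAIN\admin> /passwordd:*"
}
```

Offsets are measured relative to the client, so a single DC row that falls outside the tolerance while the others are inside it points at that DC's time source rather than at the workstation.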
