The trust between the workstation and the domain cannot be established


This topic contains 7 replies, has 5 voices, and was last updated by calinx 3 years, 6 months ago.

    techcreeb
    Participant
    #166324

    Hi guys, thanks a lot for your help, your help is appreciated. I have a weird trust situation where Windows 7 PCs are most often losing or dropping out of the domain, and when I rejoin them by first moving to a workgroup and back to the domain, then in a few weeks it happens again… Please, does anybody have a clue what might be causing this on our domain/DNS? Also, sometimes I cannot log in with the server name through RDP to a remote server unless I use the IP address… Please, any help or advice will be highly appreciated. Thank you very much.

    Ossian
    Moderator
    #191201

    Check the clocks vs the PDC Emulator role – if they are more than (default of) 5 mins out of sync, you will get this – note the allowable value can be changed through a GPO so yours may be different

    calinx
    Member
    #379614

    Thanks a lot. You mean the Windows system clock, and I believe you mean the DC as PDC emu.

    calinx
    Member
    #379616

    Hi Ossian, I checked the PDC against the system clock and the clock is OK… Please, do you know something else I can check? Thanks.

    Ossian
    Moderator
    #191204

    OK, so to confirm, the clocks on the Win7 boxes are within 5 minutes (or your actual figure) of the clock on the Domain Controller holding the PDC Emulator FSMO.

    If not that, could there be another DC that is not in sync with the remainder of the DCs?

    calinx
    Member
    #379618

    You could be correct on the workstations, as I could not check the time on the workstation till Monday. But our DCs are in sync with time, and as soon as I verify the workstation I will let you know… Thanks for your help.

    Blood
    Moderator
    #337107

    There are also various methods of re-joining. You can ‘reset’ the computer account; remove the client from the domain, reset, then rejoin; or delete the account after removing the PC from the domain so that a new computer account is created when you ‘cleanly’ add the PC to the domain. I’d research this properly, as I’ve seen various opinions about which is best.

    Anonymous
    #371925

    You can use the cmd-line tool ‘netdom’ to reset the computer’s password on the domain, without having to go thru the delay of the divorce-then-rejoin multiple reboot sequence. The only gotcha is that ‘netdom’ isn’t included in Win7 by default, but it’s easy to put there. Netdom is installed on Server 2008 (&R2), so could be copied from inside any server on your system at that level. I’ve used this on servers and clients with equal success. You’ll need to copy 2 files from a server to the same folder names on a client: ‘netdom.exe’ from c:\windows\system32 and ‘netdom.exe.mui’ from c:\windows\system32\en-us.

    For the use/syntax of the command itself, have a read at: “http://ss64.com/nt/netdom-resetpwd.html” I tried several times to post the exact steps but the forum inspection engine kept blocking me. Just be sure your cmd prompt is running at the elevated (run as administrator) level. When you get the ‘success’ message, restart the client just this once.

    PCs don’t normally just ‘lose’ the trust with their domain, unless the domain is sick. If you need to keep things limping along until you figure out what’s up with AD and your DNS services, you could copy the 2 needed files to the correct directories on all the clients, so it can be run on them at any time. But by all means, you need to diagnose your domain issues.
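
The checks suggested across this thread (name resolution, clock offset against the PDC Emulator, and the machine account's secure channel) can be run in one pass on an affected client. The script below is an added example, not posted by any participant in the thread; the `-Pdc` value is something you supply, and the 300-second threshold assumes the default tolerance mentioned above.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt on the client.
param(
    [Parameter(Mandatory = $true)][string]$Pdc,   # FQDN of the DC holding the PDC Emulator role
    [int]$MaxSkewSeconds = 300                    # 5-minute default; a GPO may set another value
)

# 1. DNS: the client must resolve the DC by name, not just reach it by IP.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($Pdc)
    "DNS: $Pdc resolves to $($addresses -join ', ')"
} catch {
    Write-Warning "DNS: cannot resolve $Pdc. Check the client's DNS server settings."
}

# 2. Clock: sample the offset against the PDC emulator with w32tm.
#    Data lines look like "14:02:11, +00.0432110s"; failed samples carry "error:" instead.
$offsets = @()
foreach ($line in (w32tm /stripchart "/computer:$Pdc" /samples:3 /dataonly)) {
    if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
        $value = [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
        $offsets += [Math]::Abs($value)
    }
}
if ($offsets.Count -eq 0) {
    Write-Warning "Time: no samples returned by $Pdc (name resolution or UDP 123 problem)."
} else {
    $worst = ($offsets | Measure-Object -Maximum).Maximum
    if ($worst -gt $MaxSkewSeconds) {
        Write-Warning ("Time: offset {0:N1}s exceeds the {1}s tolerance." -f $worst, $MaxSkewSeconds)
    } else {
        "Time: worst offset {0:N3}s, within the {1}s tolerance." -f $worst, $MaxSkewSeconds
    }
}

# 3. Trust: verify the machine account's secure channel to the domain.
if (Test-ComputerSecureChannel) {
    "Trust: secure channel is healthy."
} else {
    Write-Warning "Trust: secure channel is broken. Fix DNS/time first, then reset the machine password."
    # Reset as described in the thread (placeholders in angle brackets):
    #   netdom resetpwd /Server:<dc-name> /UserD:<domain\admin> /PasswordD:*
}
```

Running it on a healthy client first gives a baseline, and logging the output on a machine that later drops off the domain shows which of the three checks changed.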
