ehanner

Lost trust relationship

Recently I had to rebuild win2k-server/sp3 on a small office network. Upon completion I have issues trying to log in from several workstations with username/pw other than the primary user. Logon fails with can't find domain. Also the event log is littered with the following:

"The computer HCS-FOUR tried to connect to the server \\HCS01 using the trust relationship established by the HEADQUARTERS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship."

My research into the 5513 error and above message led me to the "NET DOM" command but I have not been able to get it to run correctly. I could use some guidance on how to re-establish the trust relationship.

Thanks for your thoughts,

Eric
nick_s

To reestablish a trust in W2k you go to Active Directory Domains and Trusts. There you should see the domain and all child domains. And in the properties for each you can establish and remove trusts.

Nick
oBdA
Remove the clients from the domain, delete the computer accounts in AD, add the clients back to the domain.
The easiest way I have seen to reestablish a trust relationship is to log in to the machine as the local administrator, change it to a workgroup member, apply the changes, then go back in and add it back into the domain. From my experience, this has almost always worked; I haven't had to delete the computer account in AD, and you generally don't even have to reboot in between changing it to a workgroup and back to the domain.

It's worked for me, can't guarantee it will work for you, but it's easy, so give it a try.
ehanner

ASKER

As I re-read my post, I see that I skipped the part where I used the same domain and computer names when I re-built the DC. I tried deleting the computer accounts and renaming the machines, and rejoining the domain with no luck.

When you say "apply the changes", what changes are you referring to? Changing the machine name? The trouble is the secret SID that is shared from the DC. The workstations are looking for a DC with a certain SID and it changed when I rebuilt win2k-server.

ehanner

ASKER

Have any of you ever used NET DOM?
ASKER CERTIFIED SOLUTION
oBdA

This solution is only available to members.
ehanner

ASKER

oBdA
I'll try it this afternoon. Thanks. I tried removing the computer from the domain and rejoining and deleting the accounts but not at the same time.
ehanner

ASKER

oBdA,
Your procedure worked as advertised. I had done both parts but not at the same time, previously. I did lose the desktop profile for the user on that machine for some reason. I was surprised by that since the users are all roaming profiles.

Thanks again,

Eric
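
An added example, not written by any poster in this thread: a small Python parser that pulls the workstation, server and domain names out of the 5513 message text quoted in the question, so every client still reporting a lost trust can be listed before working through the remove, delete and rejoin steps. The one-message-per-line export format and all names other than HCS-FOUR, HCS01 and HEADQUARTERS are assumptions.

```python
import re
from collections import Counter, defaultdict

# Message text of the 5513 event exactly as quoted in the question.
EVENT_5513 = re.compile(
    r"The computer (?P<computer>\S+) tried to connect to the server "
    r"\\\\(?P<server>\S+) using the trust relationship established by the "
    r"(?P<domain>\S+) domain\.",
    re.IGNORECASE,
)

# Constructed sample input, one event message per line (assumed export format).
# Only HCS-FOUR, HCS01 and HEADQUARTERS appear in the thread; HCS-TWO and the
# last line are made up for illustration.
SAMPLE_LOG = r"""
The computer HCS-FOUR tried to connect to the server \\HCS01 using the trust relationship established by the HEADQUARTERS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
The computer hcs-four tried to connect to the server \\HCS01 using the trust relationship established by the HEADQUARTERS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
The computer HCS-TWO tried to connect to the server \\HCS01 using the trust relationship established by the HEADQUARTERS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
The time service on HCS01 started normally.
"""


def broken_trust_clients(log_text):
    """Group 5513 events as {(domain, server): {workstation: event count}}."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        match = EVENT_5513.search(line)
        if match is None:
            continue  # some other event, not a lost-trust report
        # NetBIOS names are case-insensitive, so normalise before counting.
        key = (match["domain"].upper(), match["server"].upper())
        hits[key][match["computer"].upper()] += 1
    return {key: dict(counts) for key, counts in hits.items()}


if __name__ == "__main__":
    for (domain, server), clients in broken_trust_clients(SAMPLE_LOG).items():
        print(f"Domain {domain}, server {server}:")
        for name, count in sorted(clients.items()):
            print(f"  {name}: {count} event(s), candidate for rejoin")
```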