Lost trust relationship

Posted on 2003-03-27
Medium Priority
Last Modified: 2012-05-04
Recently I had to rebuild win2k-server/sp3 on a small office network. Upon completion I had issues trying to log in from several workstations with a username/password other than the primary user. Logon fails with "can't find domain". Also the event log is littered with the following:

"The computer HCS-FOUR tried to connect to the server \\HCS01 using the trust relationship established by the HEADQUARTERS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship."

My research into the 5513 error and the above message led me to the "NET DOM" command, but I have not been able to get it to run correctly. I could use some guidance on how to re-establish the trust relationship.

Thanks for your thoughts,

Question by:ehanner

Expert Comment

ID: 8220476
To reestablish a trust in W2K, go to Active Directory Domains and Trusts. There you should see the domain and all child domains, and in the properties for each you can establish and remove trusts.

Expert Comment

ID: 8220616
Remove the clients from the domain, delete the computer accounts in AD, add the clients back to the domain.

Expert Comment

ID: 8220775
The easiest way I have seen to reestablish a trust relationship is to log in to the machine as the local administrator, change it to a workgroup member, apply the changes, then go back in and add it back into the domain. From my experience, this has almost always worked; I haven't had to delete the computer account in AD, and you generally don't even have to reboot in between changing it to a workgroup and back to the domain.

It's worked for me, can't guarantee it will work for you, but it's easy, so give it a try.

Author Comment

ID: 8221699
As I re-read my post, I see that I skipped the part where I used the same domain and computer names when I re-built the DC. I tried deleting the computer accounts and renaming the machines, and rejoining the domain with no luck.

When you say "apply the changes", what changes are you referring to? Changing the machine name? The trouble is the secret SID that is shared from the DC. The workstations are looking for a DC with a certain SID, and it changed when I rebuilt win2k-server.


Author Comment

ID: 8221716
Have any of you ever used NET DOM?


Accepted Solution

oBdA earned 400 total points
ID: 8223530
If you reinstalled the server, then your original SID is gone; so there is no other way than the one I already described: Delete the computer accounts of the clients in question in AD, remove the clients from the (former) domain (by putting them into a temporary workgroup), reboot, and rejoin the (new) domain.
Depending on how many clients you have, you could try to automate this by using "netdom remove" and "netdom rejoin" instead of visiting each workstation. "netdom trust" won't help you here.
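
The accepted answer above, and the two manual variants earlier in the thread (remove the client to a workgroup, then rejoin), as one scripted procedure. This is an added example, not code from the thread or from Microsoft: it deletes the stale computer object, unjoins each workstation with netdom's remove verb, rejoins it with netdom's join verb, and then checks the new secure channel with netdom verify. It assumes netdom.exe is on the PATH, the ActiveDirectory PowerShell module (RSAT) is installed, one domain-admin credential that may delete computer objects and join machines, and one local-administrator credential that is valid on every workstation. HEADQUARTERS and HCS-FOUR are taken from the event-log message in the question; HCS-FIVE and the Wait-ForReboot timings are made up.

```powershell
<#
  Added example (not from the original thread): re-establish the workstation
  secure channel in bulk after the DC was rebuilt with the same domain name.
  Assumptions: netdom.exe on PATH, ActiveDirectory module available, and the
  two credentials below. Computer names are a constructed sample.
#>
param(
    [string]       $Domain     = 'HEADQUARTERS',
    [string[]]     $Computers  = @('HCS-FOUR', 'HCS-FIVE'),
    [pscredential] $DomainCred = (Get-Credential -Message "Domain admin for $Domain"),
    [pscredential] $LocalCred  = (Get-Credential -Message 'Local administrator on the workstations')
)

Import-Module ActiveDirectory -ErrorAction Stop

# netdom only takes passwords on its command line (or prompts with /PasswordD:*).
# Command lines are recorded by process-creation auditing (event 4688, Sysmon),
# so rotate these credentials after the run or use the interactive prompt.
$dUser = $DomainCred.UserName
$dPass = $DomainCred.GetNetworkCredential().Password
$oUser = $LocalCred.UserName
$oPass = $LocalCred.GetNetworkCredential().Password

function Invoke-Netdom {
    # Runs netdom.exe with the given arguments and throws on a non-zero exit code.
    param([Parameter(Mandatory)][string[]] $ArgumentList)
    $out = & netdom.exe @ArgumentList 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        throw "netdom $($ArgumentList[0]) $($ArgumentList[1]) failed ($LASTEXITCODE): $out"
    }
    return $out
}

function Wait-ForReboot {
    # Waits for the host to go down and come back up, or gives up after $TimeoutSec.
    param([string] $ComputerName, [int] $TimeoutSec = 600)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline -and (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet)) {
        Start-Sleep -Seconds 5
    }
    while ((Get-Date) -lt $deadline -and -not (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet)) {
        Start-Sleep -Seconds 10
    }
    if ((Get-Date) -ge $deadline) { throw "$ComputerName did not come back within $TimeoutSec s" }
    Start-Sleep -Seconds 30   # let RPC/SMB finish starting after ping answers
}

foreach ($pc in $Computers) {
    Write-Host "== $pc =="

    # 1. Delete the stale computer object. It carries the old domain's SID, so a
    #    same-named object cannot be reused; the join below creates a fresh one.
    $stale = Get-ADComputer -Filter "Name -eq '$pc'" -ErrorAction SilentlyContinue
    if ($stale) {
        Remove-ADComputer -Identity $stale -Confirm:$false
        Write-Host "  removed stale account $($stale.DistinguishedName)"
    }

    # 2. Unjoin to a workgroup. /Force is needed because the client cannot reach
    #    a DC it still trusts to disable its (already deleted) account.
    Invoke-Netdom @('remove', $pc, "/Domain:$Domain",
                    "/UserO:$oUser", "/PasswordO:$oPass", '/Force', '/Reboot:5') | Out-Null
    Wait-ForReboot -ComputerName $pc

    # 3. Join the rebuilt domain: new machine account, new machine password,
    #    i.e. a new secure channel against the new domain SID.
    Invoke-Netdom @('join', $pc, "/Domain:$Domain",
                    "/UserD:$dUser", "/PasswordD:$dPass",
                    "/UserO:$oUser", "/PasswordO:$oPass", '/Reboot:5') | Out-Null
    Wait-ForReboot -ComputerName $pc

    # 4. Confirm the secure channel works before moving to the next machine.
    $verify = Invoke-Netdom @('verify', $pc, "/Domain:$Domain",
                              "/UserO:$oUser", "/PasswordO:$oPass")
    Write-Host "  $($verify.Trim())"
}
```

Two things worth knowing before running this. First, the rejoin creates a new machine account and every domain user gets a new SID, because the rebuilt domain has a new domain SID; Windows keys local profiles by SID (the ProfileList registry key), so the old profile directory stays on disk but is no longer used, which is why the desktop profile seems to disappear after the rejoin even for roaming-profile users whose server copy was on the rebuilt DC. Second, the delete step removes any computer object with that name, so run it only against the machines you intend to rejoin.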

Author Comment

ID: 8225207
I'll try it this afternoon. Thanks. I tried removing the computer from the domain and rejoining and deleting the accounts but not at the same time.

Author Comment

ID: 8275200
Your procedure worked as advertised. I had done both parts but not at the same time, previously. I did lose the desktop profile for the user on that machine for some reason. I was surprised by that since the users all have roaming profiles.

Thanks again,

