ehanner
asked on
Lost trust relationship
Recently I had to rebuild win2k-server/sp3 on a small office network. Upon completion I have issues trying to log in from several workstations with a username/pw other than the primary user. Logon fails with "can't find domain". Also, the event log is littered with the following:
"The computer HCS-FOUR tried to connect to the server \\HCS01 using the trust relationship established by the HEADQUARTERS domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship."
My research into the 5513 error and above message led me to the "NET DOM" command but I have not been able to get it to run correctly. I could use some guidance on how to re-establish the trust relationship.
Thanks for your thoughts,
Eric
Remove the clients from the domain, delete the computer accounts in AD, add the clients back to the domain.
The easiest way I have seen to reestablish a trust relationship is to log in to the machine as the local administrator, change it to a workgroup member, apply the changes, then go back in and add it back into the domain. From my experience, this has almost always worked; I haven't had to delete the computer account in AD, and you generally don't even have to reboot in between changing it to a workgroup and back to the domain.
It's worked for me, can't guarantee it will work for you, but it's easy, so give it a try.
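To see which workstations need the remove / delete account / rejoin procedure from the answers above, the 5513 messages can be pulled out of an exported event log. This is an added example, not part of the thread: the tab-separated export layout, the timestamps and the HCS-TWO name are constructed assumptions, and only HCS-FOUR, HCS01 and HEADQUARTERS come from the question.

```python
import re
from collections import Counter

# Text of the NETLOGON 5513 message quoted in the question.
MSG_5513 = re.compile(
    r"The computer (?P<client>\S+) tried to connect to the server "
    r"\\\\(?P<server>\S+) using the trust relationship established by "
    r"the (?P<domain>\S+) domain\. However, the computer lost the correct "
    r"security identifier \(SID\)",
    re.IGNORECASE,
)

TEMPLATE = (
    "The computer {c} tried to connect to the server \\\\{s} using the trust "
    "relationship established by the {d} domain. However, the computer lost "
    "the correct security identifier (SID) when the domain was reconfigured. "
    "Reestablish the trust relationship."
)

# Constructed sample export (assumed layout): timestamp, source, event ID
# and message separated by tabs, one event per line.
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in [
    ("2000-01-01 08:01", "NETLOGON", "5513", TEMPLATE.format(c="HCS-FOUR", s="HCS01", d="HEADQUARTERS")),
    ("2000-01-01 08:03", "NETLOGON", "5513", TEMPLATE.format(c="hcs-two", s="HCS01", d="HEADQUARTERS")),
    ("2000-01-01 08:07", "NETLOGON", "5513", TEMPLATE.format(c="HCS-FOUR", s="HCS01", d="HEADQUARTERS")),
    ("2000-01-01 08:09", "EventLog", "6005", "unrelated entry (constructed)"),
])


def stale_clients(export_text):
    """Return a Counter of (domain, client) -> number of 5513 events."""
    hits = Counter()
    for line in export_text.splitlines():
        fields = line.split("\t", 3)
        if len(fields) != 4 or fields[2].strip() != "5513":
            continue
        m = MSG_5513.search(fields[3])
        if m is None:
            continue  # ID matched but the text did not: do not guess a name
        hits[(m["domain"].upper(), m["client"].upper())] += 1
    return hits


def worklist(export_text):
    """Clients whose domain membership must be redone, noisiest first."""
    hits = stale_clients(export_text)
    ordered = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [client for (_domain, client), _count in ordered]
```

Running the same check again after the clients have been rejoined should return an empty list for events logged after the change.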
ASKER
As I re-read my post, I see that I skipped the part where I used the same domain and computer names when I re-built the DC. I tried deleting the computer accounts and renaming the machines, and rejoining the domain with no luck.
When you say "apply the changes", what changes are you referring to? Changing the machine name? The trouble is the secret SID that is shared from the DC. The workstations are looking for a DC with a certain SID and it changed when I rebuilt win2k-server.
ASKER
Have any of you ever used NET DOM?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
oBdA
I'll try it this afternoon. Thanks. I tried removing the computer from the domain and rejoining and deleting the accounts but not at the same time.
ASKER
oBdA,
Your procedure worked as advertised. I had done both parts but not at the same time, previously. I did lose the desktop profile for the user on that machine for some reason. I was surprised by that since the users are all roaming profiles.
Thanks again,
Eric
Nick