Solved

The trust relationship is lost between this workstation

Posted on 2009-05-11
Last Modified: 2012-05-06
I have several computers that, after being off the network for a period greater than 6 months, I cannot log back into on the network as a Domain Admin. I get an error message that states "The trust relationship between the workstation and the primary domain failed".
I have read that to correct this problem, you would need to remove the computer from the domain by changing from the domain to a workgroup, and then changing it back.
Here lies the problem. The Administrator account on the machines has been disabled by group policy. I cannot get logged into any of these machines.
How do I rejoin these computers to the domain? How do I log in locally when the Administrator account has been disabled? If I change the GP so that the Admin account is not disabled, does it return to an enabled state? Also, I read somewhere that if you log in using Safe Mode, the Administrator account is automatically enabled, but it still showed as disabled when I tried it.
Please help.
Question by:separris
12 Comments
 
LVL 6

Expert Comment

by:bcoyxp
ID: 24357548
Try using this one to reset your local admin password.

http://home.eunet.no/pnordahl/ntpasswd/

Regards,
0
 

Author Comment

by:separris
ID: 24357863
bcoyxp, I attempted to reset the password using your utility, but it did not work. I am getting a message that states "Your account has been disabled". I guess this would make sense because this account was disabled using GP when the machine was last on the network.

Any other ideas?
0
 
LVL 2

Expert Comment

by:techxperts
ID: 24359082
From AD Users and Computers on the DC, have you tried to right-click the computer and reset the computer account?
0
 
LVL 2

Expert Comment

by:techxperts
ID: 24359114
See any of these events in your Event Viewer on the local machine or DC?

http://support.microsoft.com/kb/216393

Can you remotely access the client PCs in question through Computer Management with domain admin credentials?
0
 

Author Comment

by:separris
ID: 24359129
The computer name no longer exists in AD. When the computer was being used 6 months ago, obviously it was in AD. Since then, there was some cleanup, and old inactive accounts and computers were removed from AD. This computer name was one of them. Could this be causing the problem? I attempted to re-add the name manually as it used to be, but nothing changed. I also reactivated the user account and used the same password that the old user had, but still no go.
0
 
LVL 2

Accepted Solution

by:
techxperts earned 500 total points
ID: 24359159
If the computer no longer exists in AD, that's definitely the problem. Deleting it from AD destroyed the trust relationship between that computer and the domain controllers. You may be able to restore the deleted computer account.

http://www.petri.co.il/recovering-deleted-items-active-directory.htm

0
 
LVL 2

Expert Comment

by:techxperts
ID: 24359164
Try the adrestore link in that article for that free utility.
0
 
LVL 2

Expert Comment

by:iamshaked
ID: 24360400
Check your DNS settings thoroughly; I had an issue with this on another client's network. This fixed my issue after an hour of hair pulling.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 24389570
If your PC isn't in the domain, a reboot should get rid of any GPO setting that was applied, as the GPO is applied when Windows is contacting the domain.

I was pretty sure http://home.eunet.no/pnordahl/ntpasswd/ had an option to re-enable an account if it was disabled.
0
 
LVL 2

Expert Comment

by:techxperts
ID: 24391402
Stoner, the problem is, I think, that the client caches the GPO settings even if no DC is available. Think of a corporate laptop user who's on the road: no DC to contact, but all the policies are in effect.
0
 

Author Comment

by:separris
ID: 24580776
Thanks for all of the input. To gain access to these machines, which were de-installed, I formatted the HDD and started over. I have changed an internal policy to move items in AD and not delete them. This should solve the problem in the future.
0
 
LVL 2

Expert Comment

by:techxperts
ID: 24581866
separris: It's OK to delete objects from AD if you are wiping machines and reloading an image or the OS. Let it regenerate the SID (a clean XP install does this also) and rejoin the domain and you'll be fine. We have a stock image we reapply to broken machines or when someone leaves, with std apps etc. installed. Part of the imaging process (using sysprep) generates a new SID for the computer and joins it to the domain. Look into that option, then delete stale computer accts at will.
0
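
The policy the asker settles on above (move stale computer objects rather than delete them), and the stale-account cleanup discussed in the last comment, sketched in PowerShell as an added example that is not part of the original thread. It assumes the ActiveDirectory (RSAT) module is available; the OU distinguished name, the 180-day threshold and the function names are placeholders chosen for illustration.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Placeholder values: replace with an OU that exists in your domain.
$QuarantineOU = 'OU=Stale Computers,DC=example,DC=com'
$InactiveFor  = New-TimeSpan -Days 180   # about the 6 months mentioned in the question

function Move-StaleComputer {
    # Disable and park inactive computer accounts instead of deleting them.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # -AccountInactive is based on lastLogonTimestamp, which replicates lazily,
    # so treat the threshold as approximate.
    $stale = Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan $InactiveFor |
        Where-Object { $_.DistinguishedName -notlike "*,$QuarantineOU" }

    foreach ($c in $stale) {
        if ($PSCmdlet.ShouldProcess($c.Name, 'Disable and move to quarantine OU')) {
            # Computer names cannot contain commas, so the parent DN is
            # everything after the first comma.
            $parent = ($c.DistinguishedName -split ',', 2)[1]
            $note   = "Quarantined $(Get-Date -Format 'yyyy-MM-dd') from $parent"
            Set-ADComputer   -Identity $c.DistinguishedName -Description $note
            Disable-ADAccount -Identity $c.DistinguishedName
            Move-ADObject    -Identity $c.DistinguishedName -TargetPath $QuarantineOU
        }
    }
}

function Restore-QuarantinedComputer {
    # Bring a returning machine's account back; $TargetOU is the OU it belongs in.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$TargetOU
    )
    $c = Get-ADComputer -Filter "Name -eq '$Name'" -SearchBase $QuarantineOU
    if (-not $c) { throw "No computer named $Name in $QuarantineOU" }
    if ($PSCmdlet.ShouldProcess($c.Name, "Enable and move to $TargetOU")) {
        Enable-ADAccount -Identity $c.DistinguishedName
        Move-ADObject    -Identity $c.DistinguishedName -TargetPath $TargetOU
    }
}

Move-StaleComputer -WhatIf   # dry run: lists what would change; drop -WhatIf to apply
```

A disabled account keeps its SID and stored machine password, so re-enabling it lets a long-idle workstation authenticate again, whereas a manually re-created object with the same name does not share the old secret.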
