?
Solved

Reestablish trust between new DC and XP workstations

Posted on 2010-11-12
11
Medium Priority
?
1,052 Views
Last Modified: 2013-03-18
Our Win 2000 server crashed recently so we purchased a new Dell server with Win 2008 R2 64bit.  We are using the same domain name and usernames and have promoted the new server to a DC.  Users are able to log into their workstations etc., but the event log on the server contains entries like the following:

The computer ACCOUNTING tried to connect to the server \\ZEUS using the trust relationship established by the AMSSERVER domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

How do I reestablish the trust relationship between the new server and the workstations from the server (I'd rather not provide new credentials to the users or do anything that would change their current windows settings/profiles).  All outlying workstations are Windows XP Pro.  Thanks!
0
Comment
Question by:jamesams
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
11 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34121211
SInce this is a new Domain\Forest the SID is different. You will need to remove the workstation from the current domain then add the workstations to the new domain. all users will get a new profile. You can move the old profile to the new one on the local computers.
0
 
LVL 4

Expert Comment

by:patterned
ID: 34121255
Remove the computer off the domain and rejoin.  This will not affect user profiles.

Right click My Computer, go to properties.
Click on the Computer Name tab, click the "Change" button, click the "Workgroup" radio button, Apply, reboot.
After rebooting, do the same thing except click the "Domain" radio button and put in the proper domain (whatever was there before).  


Or for deeper troubleshooting:  http://support.microsoft.com/default.aspx?scid=kb;EN-US;216393
0
 
LVL 4

Expert Comment

by:patterned
ID: 34121272
Sorry, I didn't read that right.
KenMcF is right.  Because the SIDs will be different, a new userprofile will be created if you follow my above advice.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:jamesams
ID: 34121298
Actually, I just tried that pattered...the test user was test.AMSSERVER...after I temporarily used Workgroup 'Temp', rebooted and logged back in and changed joined the AMSSERVER domain, a new profile was created for user test called test.AMSSERVER.000
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34121324
jamesams, This will happen on all workstations. SInce the Domain SID and user SID will be new. You will need to do that on all workstations and copy the old profile to the new one.
0
 

Author Comment

by:jamesams
ID: 34121350
got it...trying it now....
0
 

Author Comment

by:jamesams
ID: 34121440
Ok, some oddities with copying the old profile to the new, but the process worked.  I just thought there should be some way to do this from the server only....
0
 
LVL 4

Assisted Solution

by:patterned
patterned earned 100 total points
ID: 34121452
Yes jamesams.  I was under the impression that you had backups and restored the domain.

As KenMcF said, this will happen on all the clients because of SID changes.
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 400 total points
ID: 34121477
Unfortunately there is no easy way because the domain was not restored, all computers see this as a new domain with new users..  
0
 

Author Comment

by:jamesams
ID: 34121547
Many thanks!
0
 

Author Closing Comment

by:jamesams
ID: 34121576
Thanks!
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question