Server 08 RDS Issue

I am troubleshooting an issue for a friend. They have an RDS server (Server 08) that is a Hyper-V VM, and it was working fine until the other day. No recent changes have been made that I am aware of. When trying to RDP into the box and use your domain login, I receive this message:
 the trust relationship between this workstation and primary domain failed

I can ping the DC from this server and I see the computer object for this server in AD.
I get other errors also in the event viewer such as:
3210 - stating it could not authenticate with the DC
1067 - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: Access is denied.
1055 - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one or more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
0x6 Commented:
From the command prompt of the RDS server what is the output of:

Usually it is the DC's FQDN and IP

Default Server:

If it is pointing to the DC, then the trust relationship between the DC and the RDS server is broken. So you have to: (Before doing any of this, make sure it is done in your maintenance window or in the time frame when users are not affected. Also have the local Admin password for the RDS box.)

Reset the computer account for the RDS server in AD.
Join it to a Workgroup, which would sever its ties from the Domain. Restart it.
Login with the local Admin account. Join it to the Domain again, hopefully with no errors. Restart it.
Try to login with the domain account.

Let us know.
Are other computers able to authenticate with the domain controller?
Cobra25Author Commented:
Yes, only this one has this issue.

Check the DNS entries, are they pointing to the DC?
Cobra25Author Commented:
0x6, yes, I did this already and it took care of the issue.

What I was worried about is whether users were going to lose their user profiles when they logged in again (since I took it off the domain and rejoined it). I haven't heard anything yet, so I'm assuming since the domain name did not change, their user profiles were not affected. Does this sound right to you?
Yes, their existing profiles will be used.
Good to know the issue is resolved. Correct. User profiles should not be affected.
Cobra25Author Commented:
Any idea why the trust would just break?
The reason for this is a computer/member server password mismatch with the domain.
Computers change their password every 30 days by default, which has to be in sync with the domain, and if at that time there was a miscommunication or network issue between the DC and a server, then the passwords don't get synchronized, hence 'a broken trust'.
Cobra25Author Commented:
Oh ok, that makes sense.
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
On the off chance, was the RDS's time wrong? VMs sometimes have issues with holding time.

If you have trouble logging into the machine that's having this issue, just unplug the network cable and then log in. Once you get logged in you can plug it back in and follow the procedure above.

Thanks guys.
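
The three causes raised in this thread (DNS not pointing at the DC, a machine password mismatch, and clock drift on the VM) can be checked together before rejoining the domain. The script below is an added example, not something posted by the participants; the function name `Test-DomainTrustHealth` and the DC name `dc01.example.local` are placeholders chosen for illustration.

```powershell
# Added example: read-only checks, run on the affected member server from an
# elevated PowerShell 2.0+ prompt while logged in with the local Admin account.
function Test-DomainTrustHealth {   # hypothetical helper name
    param(
        # Assumption: placeholder, replace with your domain controller's FQDN.
        [string]$DcName = 'dc01.example.local'
    )

    # 1. DNS: does any configured DNS server address belong to the DC?
    $dnsServers = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ } | Select-Object -Unique)
    try {
        $dcAddresses = @([System.Net.Dns]::GetHostAddresses($DcName) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $dcAddresses = @()   # the DC name did not resolve, itself a finding
    }
    $dnsPointsAtDc = @($dnsServers | Where-Object { $dcAddresses -contains $_ }).Count -gt 0

    # 2. Secure channel: does the local machine password still match AD?
    try   { $secureChannelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { $secureChannelOk = $false }

    # 3. Clock: offset from the DC (Kerberos tolerates 5 minutes by default).
    $skewSeconds = $null
    $sample = & w32tm /stripchart "/computer:$DcName" /samples:1 /dataonly 2>&1 | Out-String
    if ($sample -match '([+-]\d+\.\d+)s') { $skewSeconds = [double]$Matches[1] }

    New-Object PSObject -Property @{
        DnsServers      = $dnsServers -join ', '
        DcResolved      = $dcAddresses.Count -gt 0
        DnsPointsAtDc   = $dnsPointsAtDc
        SecureChannelOk = $secureChannelOk
        ClockSkewSec    = $skewSeconds
        ClockSkewOk     = ($skewSeconds -ne $null) -and ([math]::Abs($skewSeconds) -lt 300)
    }
}

Test-DomainTrustHealth | Format-List
```

If DNS and clock checks pass but `SecureChannelOk` is false, the machine password mismatch described above is the likely cause and the reset-and-rejoin procedure applies.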