Solved

Trust relationship between this workstation and the primary domain failed

Posted on 2011-09-22
5
485 Views
Last Modified: 2012-05-12
We currently have a windows 2003 domain and 8 Domain Controllers spread out in the organization. The setup is as follows:-
- HQ - 3 Domain Controllers
- Site 2 - 2 Domain Controllers (FSMO role holders)
and 3 other branch sites have a Domain Controller each.

An issue started cropping up on machines getting the Trust relationship issue when users try to login to them. The machine accounts seem to be alive and well on AD when it gets this trust issues and need to be re-added. Even after re-adding the machine to the domain some machines get the same error again a week or so after. We have yet to isolate it to a certain Operating System or maybe a culprit GPO. Right now it seems to be randomly happening across the domain. Is there any way of actually pinpointing the cause of this error that occurs on the machines??
0
Comment
Question by:itc_sysadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 167 total points
ID: 36585190
By default each computer in a domain changes its password every 30 days. When PC is not restarted at least once in this time or it's problem wth accessing DC then next time computer cannot log on into domain. Then you will see that error message which you posted here.

To be sure that everything is OK, schedule frequent workstations restart.

Additionally, please run on your DC in command-line

dcdiag /e /c /v
and
repadmin /showrepl /all /intersite /verbose

and review output to see if there are no errors in your domain environemnt (i.e. with replication)

Regards,
Krzysztof
0
 
LVL 9

Assisted Solution

by:Lester_Clayton
Lester_Clayton earned 167 total points
ID: 36585366
Frequent causes of Trust Relationship Failed:

There is another computer in the same domain with the same name
Somebody is deleting the computer object
People are reverting to an earlier stage of the computer's life (System Restore, Snapshots, etc)

0
 
LVL 7

Assisted Solution

by:ComputerBeast
ComputerBeast earned 166 total points
ID: 36586188
Hi all,

Take the PC out of the domain. Delete the workstation object from the domain (if it remains). Add the PC back into the domain

Hope it works.

Thank you
Anil
0
 

Author Comment

by:itc_sysadmin
ID: 36586270
Thanks everyone for the replies. I have a feedback that this issue maybe happening to windows7 machines.

The exact issue is that after the machine is installed with win7, after about a week or so the machine gets kicked out of the network with that error. Re-adding to the domain works but a week later the same issue arises again.

Does anyone else face similar issues with win7 machines and was able to resolve it? Is this a vulnerability? And if so has MS released a patch yet on this issue?

Itc admin
0
 

Author Closing Comment

by:itc_sysadmin
ID: 36719688
have done some research on the issue and found that it seems to be a vulnerability with win7 machines. didn't really get a confirmation on whether it was or not. may need to research some more.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question