Shane McKeown
asked on
Trust Relationship failed
All
Have a client with a laptop (HP 530) running Win 7 Pro (32-bit).
They have an SBS2011 server with domain setup, have about 30 laptops on the domain.
5 of the laptops are the HP 530 models.
1 of these laptops is throwing the error 'Trust relationship between this computer and primary domain failed' when trying to log in.
This started happening about 6 months ago - first time it happened I removed account from AD and disjoined from the domain on the laptop - rejoined and all is well.
Couple of months passed and again this happened - again I disjoined domain, removed account from AD, rejoined and all is well...
Now it's back happening again.
Started looking for what could be causing this issue; I found another answer on this site that pointed to checking the SID for the computer - to make sure the SID matches the SID of the computer account in AD.
Turns out it doesn't match, they are different.
This was the answer I was using - https://www.experts-exchange.com/questions/27672173/Failed-to-authenticate-with-computer-name-a-Windows-NT-domain-controller-for-domain.html
OK, so in ADSIEDIT I've drilled down to the Computers OU - selected Properties and checked the objectSID - is this the correct property (just before I continue)?
My main question - since I've previously removed the computer object from AD, removed laptop from domain etc... and these errors still crop up - is it as simple as changing the SID property in ADSIEdit to match the laptop? Or is there more to it?
If not - how do I remove the account properly to get this machine up and running again?
I've attached the event log from the laptop for reference in case anyone needs to review that, anything else needed let me know...
Thanks
Shane
sid.zip
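An added example, not part of the original thread: decoding the binary `objectSid` value of a computer account and comparing it with a workstation's local machine SID. All SID values are constructed, and it assumes the SID read on the laptop was the local machine SID (the post does not say how it was obtained). The account SID is the domain SID plus a RID, so it is a different identifier from the local machine SID.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (the LDAP objectSid format) into S-1-... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def compare(machine_sid: str, object_sid: str, domain_sid: str) -> dict:
    """Relate a computer account's objectSid to the domain and to the local SID."""
    acct_domain, _, rid = object_sid.rpartition("-")
    return {
        "object_sid_domain": acct_domain,
        "object_sid_rid": int(rid),
        # The meaningful check: was the account issued by the expected domain?
        "account_belongs_to_domain": acct_domain == domain_sid,
        # Expected to be False on a healthy domain member.
        "identical_to_machine_sid": object_sid == machine_sid,
    }

# Constructed sample data (not taken from the thread or its attachment).
SAMPLE_OBJECT_SID = (
    bytes([1, 5]) + (5).to_bytes(6, "big")
    + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105)
)
SAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_MACHINE_SID = "S-1-5-21-4000000001-4000000002-4000000003"

if __name__ == "__main__":
    decoded = parse_sid(SAMPLE_OBJECT_SID)
    print(decoded)
    for key, value in compare(SAMPLE_MACHINE_SID, decoded, SAMPLE_DOMAIN_SID).items():
        print(f"{key}: {value}")
```
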
ASKER CERTIFIED SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It resets the computer password in your environment. It's more of a note for future occurrences.
ASKER
Ok, but what about the SID mismatch? Is this now the issue?
SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Right, don't want to come across as stupid but I've already tried all these steps!
This is the third time this has happened, the first and second time I removed laptop from domain, deleted computer object, rejoined domain - all good for 3-4 weeks and then trust failed again... which is why I posted here, it's like the object is not deleting correctly or I am missing something...
I think somewhere down the line during the imaging process it's using existing information for another machine. How are you laying the image down? Can you reimage the machine?
ASKER
All machines were clean installed using standard Win7 DVD, manual process, no imaging as such...
If possible I'd rather change SID on this machine - is that possible without clean install?
ASKER
I've disjoined from domain, deleted the computer object, renamed the laptop to new name, rejoined domain, will leave this for a few days to see how it works out...thanks for help so far.
ASKER
Thanks for the help, PC is still working fine, will report back if things go bad again...
ASKER
Cheers...