rejoining domain after getting trust relationship errors

Hi,
Just completed a new VoIP system from our 2 offices and coincidentally, when users tried logging into their PCs, they started getting the message that the trust relationship between the workstation and the domain controller has failed. I have seen this a few years ago, so I did what I did then, which was to unjoin the domain and then rejoin it, and this has worked so far for 2 workstations. Just now we got a similar error while trying to remote desktop to one of our member servers. It said that Windows cannot connect to the domain, either because the domain is unavailable or because your computer account was not found. I assume this is related to Active Directory and that to correct it I would have to rejoin this server to the domain, but is that the same process as with the workstations or is it more involved? Any ideas what could suddenly be causing these issues? The IP traffic is all moved now to point to the new phone system MPLS gateways, so I think this is a possible reason, since everything was working until the 2 sites got connected earlier this week, and the PCs and servers on both sites are all pointing to the new gateways now. Thanks.
dankyle67 Asked:
 
Skyler Kincaid (Network/Systems Engineer) Commented:
You don't even need to change the gateway of the computers. The phones do get POE but they are just a switch if you have the computers plugged into the phone.

When you installed the phones, absolutely nothing needed to change on your "computer network". The phones might use the same cables and switches but they are either on a different subnet or they are set up to use VLANs. Your default gateway should not have changed on your servers or workstations at any location.
0
 
Skyler Kincaid (Network/Systems Engineer) Commented:
Are you able to verify that the server and the workstations are not having DNS issues and are able to contact the domain controller?

I would try flushing the DNS first if you are able to log into the computer with a local account.

Did you do anything with VLANs or change the subnet or network at all?

The server should not have that issue unless it is having issues connecting to the server that is the domain controller to verify the login attempt.
0
 
alicain Commented:
Hi,

Given your suspicions about routing, I would start with:
  1. From the member server, can you ping the Domain Controllers by IP address?
  2. Does an NSlookup of the Domain Name correctly return all DCs for the domain?
  3. Can you then ping each of the DCs by name?
  4. What does an "nltest /sc_query:place_your_name_name_here" return?

Regards,
Alastair.
0
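alicain's four checks as one script, added here as an example and not code posted by anyone in the thread. It assumes nltest.exe and the Resolve-DnsName and Get-NetRoute cmdlets are available on the host, uses domain.com as a placeholder FQDN, and goes slightly beyond the list by locating the DCs through the `_ldap._tcp.dc._msdcs` SRV record and printing the host's default routes.

```powershell
# Added example, not code from the thread. Run from the affected member
# server or workstation; 'domain.com' is a placeholder FQDN.
param([string]$Domain = 'domain.com')

# Default route(s) in use. Several rows mean a multi-homed host, where the
# lowest metric decides which gateway carries traffic toward the DCs.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric |
    Format-Table InterfaceAlias, NextHop, RouteMetric -AutoSize | Out-Host

# Check 2: DNS must return the domain controllers for the domain.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    Write-Warning "DNS returned no domain controllers for '$Domain'."
    return
}

# Checks 1 and 3: reach every DC by IP address, then by name.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    $ips = @(Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    [pscustomobject]@{
        DC         = $dc
        IP         = $ips -join ', '
        PingByIP   = [bool]($ips | Where-Object { Test-Connection $_ -Count 1 -Quiet })
        PingByName = [bool](Test-Connection $dc -Count 1 -Quiet)
    }
}
$results | Format-Table -AutoSize | Out-Host

# Check 4: secure channel to the domain, as in "nltest /sc_query:domain.com".
$nl = (nltest "/sc_query:$Domain" 2>&1 | Out-String)
$status = if ($nl -match 'Status\s*=\s*(\d+)') { [int]$Matches[1] } else { -1 }

if ($status -eq 0) {
    "Secure channel to $Domain is healthy."
} elseif ($results.PingByIP -notcontains $true) {
    "No DC answers by IP: check routing and the default gateway before rejoining."
} else {
    "DCs are reachable but nltest reports status ${status}: inspect the computer account."
}
$nl
```

If ICMP is filtered between the host and the DCs, the ping columns read False even when routing is fine, so compare them with the nltest status before drawing a conclusion.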

 
dankyle67 (Author) Commented:
I can ping servers and workstations by name so DNS seems OK, so I will try the "nltest" then let you know. No VLANs are on the existing network; however, it's possible, since the phone system has its own switch, that it might be using VLANs. The PCs and servers were all pointing to the DNS server as the default gateway, but once the gateway was changed to the MPLS gateways on each side of the dedicated line, all the issues started happening.
0
 
dankyle67 (Author) Commented:
Just to update you guys, I had one of the users in the main office change back the gateway on the server which was giving the domain error and which we couldn't log into before, and once it changed from the phone system gateway to the original gateway, which is a NetScreen router, the login worked right away. To get access to the server, I had to have the user log into the server locally, which allowed him to change the gateway, then log out and log back in through the domain again, and it worked. At least it looks most likely that the VoIP gateway is causing the issue. Will keep you updated. What is the correct syntax again for the nltest as far as the "place your name here" portion, since you listed it 2x? Is that how it's supposed to run?
0
 
Skyler Kincaid (Network/Systems Engineer) Commented:
Why would you have your server set to the default gateway of the phone system?

I knew it sounded like a network issue because it started right after you put the phone system in. You should not have changed the gateway on any of your computer network when you put the phone system in.
0
 
alicain Commented:
So that would confirm that you have a networking / routing issue between the member server and the Domain Controller.

It's a question of ensuring that there is valid routing between the member server (and clients) to the domain controller.

What is the correct default gateway for this network?  Is there routing in place between the two networks?

Given that you know you have a networking issue, the nltest isn't going to tell you anything more, but the syntax is, for example (replace domain.com with your fully qualified domain name):
 nltest /sc_query:domain.com
0
 
dankyle67 (Author) Commented:
I did run the nltest and it came up with I_NETLOGONCONTROL Failed: Status=1355 Error_NO_Such_Domain. I ran this from the primary domain controller, which is also the DNS server. Just about a month ago we configured this server as a VPN server, so we needed to enable the 2nd NIC on it to enable access through VPN, so I am wondering if this would be a problem, since now this server is also pointing to the VoIP gateway on one of the NICs. Where is it in the DNS server settings that you would find what IP address the DNS server is using for its own DNS server? I know it's supposed to point to itself, but isn't there a place where it points to the ISP's DNS server for DNS? I'm just concerned the problem is not fully fixed, since one of the PCs in their remote office, which rejoined the domain in order to fix the trust relationship failed error, got the error again later in the day.
0
 
dankyle67 (Author) Commented:
Also, the PCs in both offices need to point to the VoIP gateway, since that is how the phone system communicates from site to site, since each PC is connected through PoE to a phone which has a static IP of its own, but I agree that since the servers don't use the phone system, there was no reason to change their default gateways to the VoIP gateway.
0
 
dankyle67 (Author) Commented:
I just ran dcdiag on that server and it passed all the tests except for replication to the tombstoned server on the remote office site, but that's a known event: since the VPN was down for more than 2 months, the DC on the other site tombstoned.
0
 
dankyle67 (Author) Commented:
I agree with you totally, since before they did the phone install, I asked them if it would impact the existing network at all and they said not at all, but obviously if the PCs change their gateway to the VoIP gateway then something must have changed that did in fact impact the network, since we are experiencing these numerous issues.
0
 
Skyler Kincaid (Network/Systems Engineer) Commented:
The only things that could change the computers' default gateway are your DHCP settings (on your router or server) or someone manually changing the static settings on the computers. My guess is that they enabled DHCP and it is giving out addresses to your computers that should be for the phones.

Sounds like an amateur phone installation.
0
Question has a verified solution.
