Solved

rejoining domain after getting trust relationship errors

Posted on 2013-11-01
12
494 Views
Last Modified: 2013-11-04
Hi,
Just completed a new VoIP system from our 2 offices and coincidentally, when users tried logging into their PCs, they started getting the message that the trust relationship between the workstation and the domain controller has failed. I have seen this a few years ago, so I did what I did then, which was to unjoin the domain then rejoin it, and this worked so far for 2 workstations. Just now we got an error that's similar while trying to remote desktop to one of our member servers. It said that Windows cannot connect to the domain either because the domain is unavailable or because your computer account was not found. I assume this is related to Active Directory and to correct it I would have to rejoin this server to the domain, but is that the same process as with the workstations or is it more involved? Any ideas what could suddenly be causing these issues? The IP traffic is all moved now to point to the new phone system MPLS gateways, so I think this is a possible reason since everything was working until the 2 sites got connected earlier this week, and the PCs and servers on both sites are all pointing to new gateways now. Thanks.
Question by:dankyle67
12 Comments
 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39617322
Are you able to verify that the server and the workstations are not having DNS issues and are able to contact the domain controller?

I would try flushing the DNS first if you are able to log into the computer with a local account.

Did you do anything with VLANs or change the subnet or network at all?

The server should not have that issue unless it is having issues connecting to the server that is the domain controller to verify the login attempt.
0
 
LVL 5

Expert Comment

by:alicain
ID: 39617336
Hi,

Given your suspicions about routing, I would start with:
  1. From the member server, can you ping the Domain Controllers by IP address?
  2. Does an NSlookup of the Domain Name correctly return all DCs for the domain?
  3. Can you then ping each of the DCs by name?
  4. What does an "nltest /sc_query:place_your_name_name_here" return?

Regards,
Alastair.
0
 

Author Comment

by:dankyle67
ID: 39617425
I can ping servers and workstations by name so DNS seems OK, so I will try the "nltest" then let you know. No VLANs are on the existing network, however it's possible, since the phone system has its own switch, it might be using VLANs. The PCs and servers were all pointing to the DNS server as the default gateway, but once the gateway was changed to the MPLS gateways on each side of the dedicated line, all the issues started happening.
0
 

Author Comment

by:dankyle67
ID: 39617534
Just to update you guys, I had one of the users in the main office change back the gateway on the server which was giving the domain error and which we couldn't log into before, and once it changed from the phone system gateway to the original gateway, which is a NetScreen router, the login worked right away. To get access to the server, I had to have the user log into the server locally, which allowed him to change the gateway, then logged out and then logged back in through the domain again and it worked. At least it looks most likely that the VoIP gateway is causing the issue. Will keep you updated. What is the correct syntax again for the nltest as far as the "place your name here" portion? Since you listed it 2x, is that how it's supposed to run?
0
 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39617663
Why would you have your server go to the default gateway of the phone system?

I knew it sounded like a network issue because it started right after you put the phone system in. You should not have changed the gateway on any of your computer network when you put the phone system in.
0
 
LVL 5

Assisted Solution

by:alicain
alicain earned 250 total points
ID: 39617710
So that would confirm that you have a networking / routing issue between the member server and the Domain Controller.

It's a question of ensuring that there is valid routing between the member server (and clients) to the domain controller.

What is the correct default gateway for this network?  Is there routing in place between the two networks?

Given that you know you have a networking issue, the nltest isn't going to tell you anything more, but the syntax is, for example (replace domain.com with your fully qualified domain name):
 nltest /sc_query:domain.com
0

Author Comment

by:dankyle67
ID: 39618679
I did run the nltest and it came up with I_NETLOGONCONTROL Failed: Status=1355 Error_NO_Such_Domain. I ran this from the primary domain controller, which is also the DNS server. Just about a month ago we configured this server as a VPN server, so we needed to enable the 2nd NIC card on it to enable access through VPN, so I'm wondering if this would be a problem since now this server is also pointing to the VoIP gateway on one of the NIC cards. Where is it in the DNS server settings that you would find what IP address the DNS server is using for its own DNS server? I know it's supposed to point to itself, but isn't there a place where it points to the ISP's DNS server for DNS? I'm just concerned the problem is not fully fixed, since one of the PCs in their remote office which rejoined the domain in order to fix the trust relationship failed error got the error again later in the day.
0
 

Author Comment

by:dankyle67
ID: 39618683
Also, the PCs in both offices need to point to the VoIP gateway since that is how the phone system communicated with each other from site to site, since each PC is connected through PoE to a phone which has a static IP of its own, but I agree that since the servers don't use the phone system, there was no reason to change their default gateways to the VoIP gateway.
0
 

Author Comment

by:dankyle67
ID: 39618692
I just ran dcdiag on that server and it passed all the tests except for replication to the tombstoned server on the remote office site, but that's a known event: since the VPN was down for more than 2 months, the DC on the other site tombstoned.
0
 
LVL 15

Accepted Solution

by:
Skyler Kincaid earned 250 total points
ID: 39619494
You don't even need to change the gateway of the computers. The phones do get PoE but they are just a switch if you have the computers plugged into the phone.

When you installed the phones, absolutely nothing needed to change on your "computer network". The phones might use the same cables and switches but they are either on a different subnet or they are set up to use VLANs. Your default gateway should not have changed on your servers or workstations at any location.
0
 

Author Comment

by:dankyle67
ID: 39619783
I agree with you totally, since before they did the phone install, I asked them if it would impact the existing network at all and they said not at all, but obviously if the PCs change their gateway to the VoIP gateway then something must have changed that did in fact impact the network, since we are experiencing these numerous issues.
0
 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39620248
The only things that could change the computers' default gateway are your DHCP settings (on your router or server) or someone manually changing the static settings on the computers. My guess is that they enabled DHCP and it is giving out addresses to your computers that should be for the phones.

Sounds like an amateur phone installation.
0
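
The checks suggested across this thread (which gateway each adapter uses and whether DHCP assigned it, whether DNS returns the domain's DCs, whether those DCs are reachable, and only then the secure channel), gathered into one PowerShell function. This is an added example, not code from any poster; the function name is hypothetical, `domain.com` is the placeholder used above, and it assumes Windows 8.1 / Server 2012 R2 or later for `Test-NetConnection` and `Get-NetIPConfiguration`.

```powershell
# Added example: triage a "trust relationship failed" error before unjoining/rejoining.
# Run on the affected member machine while logged on with a local account.
function Test-DomainPath {
    param([Parameter(Mandatory)][string]$Domain)

    # 1. Which default gateway and DNS server does each adapter use, and is DHCP on?
    $adapters = Get-NetIPConfiguration | Where-Object IPv4DefaultGateway | ForEach-Object {
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Gateway   = $_.IPv4DefaultGateway.NextHop -join ','
            Dhcp      = $_.NetIPv4Interface.Dhcp
            DnsServer = $_.DNSServer.ServerAddresses -join ','
        }
    }

    # 2. Ask DNS for the domain's DCs (the SRV records a domain member looks up).
    try {
        $dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
            Where-Object Type -eq 'SRV' | Select-Object -ExpandProperty NameTarget -Unique)
    } catch { $dcs = @() }

    # 3. Can this machine reach each DC on the ports a domain logon depends on?
    $ports = 88, 135, 389, 445   # Kerberos, RPC endpoint mapper, LDAP, SMB
    $reach = foreach ($dc in $dcs) {
        foreach ($p in $ports) {
            $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
            [pscustomobject]@{ DC = $dc; Port = $p; Address = $r.RemoteAddress; Open = $r.TcpTestSucceeded }
        }
    }
    # A DC counts as usable only if every port above answered.
    $usable = @($reach | Group-Object DC | Where-Object { $_.Group.Open -notcontains $false })

    # 4. Only now test the machine account's secure channel.
    try { $channel = [bool](Test-ComputerSecureChannel -ErrorAction Stop) } catch { $channel = $false }

    $verdict = if ($dcs.Count -eq 0)        { 'DNS: no DC records returned; check the adapter DNS server' }
               elseif ($usable.Count -eq 0) { 'Routing: DCs resolve but are not reachable; check gateway and routes' }
               elseif (-not $channel)       { 'Secure channel: DC reachable but machine account rejected' }
               else                         { 'OK' }

    [pscustomobject]@{ Verdict = $verdict; Adapters = $adapters; DCs = $dcs; Reachability = $reach }
}

Test-DomainPath -Domain 'domain.com' | Format-List
```

A "Routing" or "DNS" verdict means rejoining the domain will not hold, which matches the PC in this thread that failed again after being rejoined.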
