dankyle67

asked on

rejoining domain after getting trust relationship errors

Hi,
Just completed a new VoIP system from our 2 offices and coincidentally, when users tried logging into their PCs, they started getting the message that the trust relationship between the workstation and the domain controller has failed. I have seen this a few years ago and so I did what I did then, which was to unjoin the domain then rejoin it, and this worked so far for 2 workstations. Just now we got an error that's similar while trying to remote desktop to one of our member servers. It said that Windows cannot connect to the domain either because the domain is unavailable or because your computer account was not found. I assume this is related to Active Directory and to correct it I would have to rejoin this server to the domain, but is that the same process as with the workstations or is it more involved? Any ideas what could suddenly be causing these issues? The IP traffic is all moved now to point to the new phone system MPLS gateways so I think this is a possible reason, since everything was working until the 2 sites got connected earlier this week and the PCs and servers on both sites are all pointing to new gateways now. Thanks.
Skyler Kincaid

Are you able to verify that the server and the workstations are not having DNS issues and are able to contact the domain controller?

I would try flushing the DNS first if you are able to log into the computer with a local account.

Did you do anything with VLANs or change the subnet or network at all?

The server should not have that issue unless it is having issues connecting to the server that is the domain controller to verify the login attempt.
alicain

Hi,

Given your suspicions about routing, I would start with:
  1. From the member server, can you ping the Domain Controllers by IP address?
  2. Does an nslookup of the Domain Name correctly return all DCs for the domain?
  3. Can you then ping each of the DCs by name?
  4. What does an "nltest /sc_query:place_your_name_name_here" return?

Regards,
Alastair.
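
The four checks in the list above, plus a look at the gateway and DNS servers each NIC is using, as one PowerShell script. This is an added example, not part of the original post; the TCP port probes (88, 389, 445) and the Test-ComputerSecureChannel call go beyond the list, and it assumes Windows PowerShell 5.1 run elevated on a domain-joined machine.

```powershell
# Added example: secure-channel triage for a domain-joined Windows machine.
# $Domain defaults to the domain this computer is joined to.
param([string]$Domain = (Get-CimInstance Win32_ComputerSystem).Domain)

# Which gateway and DNS servers is each NIC really using? A second NIC with
# its own default gateway is a common cause of traffic leaving the wrong way.
Get-NetIPConfiguration |
    Select-Object InterfaceAlias,
        @{n='IPv4';    e={$_.IPv4Address.IPAddress -join ','}},
        @{n='Gateway'; e={$_.IPv4DefaultGateway.NextHop -join ','}},
        @{n='DNS';     e={($_.DNSServer | Where-Object AddressFamily -eq 2).ServerAddresses -join ','}} |
    Format-Table -AutoSize

# Check 2: ask DNS for the SRV record the DC locator uses to find DCs.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

# Helper: $true if a TCP connection to the given port succeeds.
function Test-Port($Target, $Port) {
    (Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
}

# Checks 1 and 3: reach every DC by IP and by name, then probe the ports
# that a domain logon depends on (Kerberos, LDAP, SMB).
$srv.NameTarget | Sort-Object -Unique | ForEach-Object {
    $dc = $_
    $ip = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    [pscustomobject]@{
        DC       = $dc
        IP       = $ip
        PingIP   = if ($ip) { Test-Connection -ComputerName $ip -Count 2 -Quiet } else { $false }
        PingName = Test-Connection -ComputerName $dc -Count 2 -Quiet
        Kerberos = Test-Port $dc 88
        LDAP     = Test-Port $dc 389
        SMB      = Test-Port $dc 445
    }
} | Format-Table -AutoSize

# Check 4: the value after /sc_query: is the domain name, nothing else.
nltest "/sc_query:$Domain"

# Same question asked through PowerShell; $true means the machine account's
# secure channel to the domain is healthy.
Test-ComputerSecureChannel -Verbose
```

A DC that answers ping but fails the port probes points at filtering or routing on the path rather than at the computer account.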
dankyle67

ASKER

I can ping servers and workstations by name so DNS seems OK, so I will try the "nltest" then let you know. No VLANs are on the existing network; however, it's possible since the phone system has its own switch it might be using VLANs. The PCs and servers were all pointing to the DNS server as the default gateway but once the gateway was changed to the MPLS gateways on each side of the dedicated line, all the issues started happening.
Just to update you guys, I had one of the users in the main office change back the gateway on the server which was giving the domain error and which we couldn't log into before, and once it changed from the phone system gateway to the original gateway, which is a NetScreen router, the login worked right away. To get access to the server, I had to have the user log into the server locally, which allowed him to change the gateway, then logged out and then logged back in through the domain again and it worked. At least it looks most likely that the VoIP gateway is causing the issue. Will keep you updated. What is the correct syntax again for the nltest as far as the "place your name here" portion, since you listed it 2x, is that how it's supposed to run?
Why would you have your server point to the default gateway of the phone system?

I knew it sounded like a network issue because it started right after you put the phone system in. You should not have changed the gateway on any of your computer network when you put the phone system in.
I did run the nltest and it came up with I_NETLOGONCONTROL Failed: Status=1355 Error_NO_Such_Domain. I ran this from the primary domain controller, which is also the DNS server. Just about a month ago we configured this server as a VPN server and so we needed to enable the 2nd NIC card on it to enable access through VPN, so wondering if this would be a problem since now this server is also pointing to the VoIP gateway on one of the NIC cards. Where is it on the DNS server settings that you would find what IP address the DNS server is using for its own DNS server? I know it's supposed to point to itself but isn't there a place where it points to the ISP's DNS server for DNS? I'm just concerned the problem is not fully fixed since one of the PCs in their remote office, which rejoined the domain in order to fix the trust relationship failed error, got the error again later in the day.
Also, the PCs in both offices need to point to the VoIP gateway since that is how the phone system communicated with each other from site to site, since each PC is connected through PoE to a phone which has a static IP of its own, but I agree that since the servers don't use the phone system there was no reason to change their default gateways to the VoIP gateway.
I just ran dcdiag on that server and it passed all the tests except for replication to the tombstoned server on the remote office site, but that's a known event: since the VPN was down for more than 2 months, the DC on the other site tombstoned.
I agree with you totally since before they did the phone install, I asked them if it would impact the existing network at all and they said not at all, but obviously if the PCs change their gateway to the VoIP gateway then something must have changed that did in fact impact the network since we are experiencing these numerous issues.
The only things that could change the computers' default gateway are your DHCP settings (on your router or server) or someone manually changing the static settings on the computers. My guess is that they enabled DHCP and it is giving out addresses to your computers that should be for the phones.

Sounds like an amateur phone installation.