Solved

Lost Trust Relationship

Posted on 2013-11-07
Last Modified: 2014-07-07
Network managed by Windows Server 2008 R2 with all clients Windows 7 Pro 32 bit. I have a couple of clients that generate a message that the trust relationship has been lost with the domain controller. I have one DC and about 150 clients. I wanted to log on locally as the local administrator but when I tried to do that I got a message that the group policy service had not started. I tried safe mode but could not log on. So I have a couple of questions - 1) How do I solve this problem and get this computer to rejoin the "trust relationship" and 2) what causes this and how can I prevent it?

Thank you!

Robert
Question by:RobertEhinger
12 Comments
 
LVL 12

Expert Comment

by:piattnd
ID: 39631740
What is the full error message you receive?  Did you try safe mode or safe mode with networking?

As for the causes of a trust issue (typically happens on clients), there are many possible causes.  A few solutions were posted in this link:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/windows-7-computers-lose-trust-with-the-domain/2ac6088a-f089-4ed6-9842-865406e4dcf2
0
 
LVL 12

Expert Comment

by:piattnd
ID: 39631745
Just came across this blog entry, which is quite long but informative (I haven't read the whole thing yet).

Might give it a look. They propose there's an alternative fix/explanation to just rejoining the domain.

http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 39631761
You can reset the secure channel but it is easier just to remove from the domain, delete the computer object from AD then rejoin.
0
 
LVL 11

Expert Comment

by:BillBondo
ID: 39631826
Unplug the network cable and log on as domain admin. Reconnect the network cable and remove from domain and rejoin. Haven't found any other solution to it or how to prevent it. Local admin is disabled when you join domain.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39631853
Use the netdom command to reset the computer account password. If this doesn't work, remove the computer from the domain, delete the computer account from Active Directory Users and Computers and wait for changes to AD to replicate to all of your DCs before rejoining the computer.
0
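The in-place reset suggested in the comments above (resetting the machine account password instead of unjoining and rejoining), as an added example that is not part of the original thread. It assumes an elevated PowerShell 3.0 or later session on the affected client; `DC01` is a placeholder domain controller name and `Repair-WorkstationTrust` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Run elevated on the affected client.
# Assumes PowerShell 3.0+ (the -Credential parameters below were added in 3.0).
# DC01 is a placeholder domain controller name.
function Repair-WorkstationTrust {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [System.Management.Automation.PSCredential]$Credential
    )

    # A workgroup machine has no secure channel to repair.
    if (-not (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
        return 'NotDomainJoined'
    }

    # True when the locally stored machine account password still matches AD.
    if (Test-ComputerSecureChannel -Server $Server) {
        return 'Healthy'
    }

    # Needs a domain account allowed to reset this computer object.
    if (-not $Credential) { $Credential = Get-Credential }

    # First attempt: re-establish the channel without leaving the domain.
    $repaired = $false
    try {
        $repaired = Test-ComputerSecureChannel -Server $Server -Repair -Credential $Credential -ErrorAction Stop
    } catch {
        Write-Warning "Repair failed: $($_.Exception.Message)"
    }

    # Second attempt: force a new machine account password on the DC and locally.
    # Command-line equivalent (needs RSAT): netdom resetpwd /s:DC01 /ud:<domain>\<user> /pd:*
    if (-not $repaired) {
        try {
            Reset-ComputerMachinePassword -Server $Server -Credential $Credential -ErrorAction Stop
            $repaired = Test-ComputerSecureChannel -Server $Server
        } catch {
            Write-Warning "Password reset failed: $($_.Exception.Message)"
        }
    }

    if ($repaired) { return 'Repaired' }
    return 'StillBroken'   # e.g. the computer object is missing in AD; then only a rejoin helps
}

Repair-WorkstationTrust -Server 'DC01'
```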
 

Author Comment

by:RobertEhinger
ID: 39632288
Here is an update to what I tried based on the above suggestions -

Disconnected the Ethernet cable and tried logging in with local admin account - error message - "Group policy service failed the login. Access is denied."

Tried the same thing in safe mode and after entering the local admin username and password the screen changed to the black screen with safe mode in all four corners and then it went back to the log on screen.
I plugged the Ethernet cable back in and tried Safe Mode with networking and got the exact same result.

Restarted computer and tried logging in normally with local admin account and received the following error - "The security database on the server does not have a computer account for this workstation trust relationship."

Tried logging on as a user and got the same message.

Don't I need to get logged on in order to use the netdom command?
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39632728
You can run netdom remotely using remote PowerShell or command prompt.
0
 
LVL 2

Expert Comment

by:kabilanis
ID: 39633025
Could be silly, but give it a try... can you please try the username as .\<localadmin>
0
 
LVL 11

Expert Comment

by:BillBondo
ID: 39642176
Local admin account is disabled. Unplug the NIC and log on as you would with a domain admin account, then plug the NIC back in and un/rejoin the domain.
0
 

Accepted Solution

by:
RobertEhinger earned 0 total points
ID: 39646313
None of the above suggestions worked and even connecting the system to a completely different network and trying to log on as local admin did not work. I finally decided that I had spent enough time on this so I reimaged the system.
0
 

Author Closing Comment

by:RobertEhinger
ID: 39674039
Maybe due to a corrupt Windows installation or some other unknown event, none of the suggested solutions worked and the system had to be reimaged.
0
 

Expert Comment

by:DavidRogers1
ID: 40181546
I have the same issue but with a difference that I have not seen anyone else have.
I have a machine that I can log on to without any problem, but when another user attempts to log on they get the trust message.
0

Question has a verified solution.