Lost Trust Relationship
Network managed by Windows Server 2008 R2 with all clients Windows 7 Pro 32 bit. I have a couple of clients that generate a message that the trust relationship has been lost with the domain controller. I have one DC and about 150 clients. I wanted to log on locally as the local administrator but when I tried to do that I got a message that the group policy service had not started. I tried safe mode but could not log on. So I have a couple for questions - 1) How do I solve this problem and get this computer to rejoin the "trust relationship" and 2) what causes this and how can I prevent it?
Thank you!
Robert
Thank you!
Robert
Just came across this blog entry, which is quite long but informative (I haven't read the whole thing yet).
Might give it a look. They propose there's an alternative fix/explanation than just rejoining the domain.
http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
Might give it a look. They propose there's an alternative fix/explanation than just rejoining the domain.
http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
You can reset the secure channel but it is easier just to remove from the domain, delete the computer object from AD then rejoin.
Unplug the network cable and logon as domain admin. reconnect network cable and remove from domain and rejoin. Havent found any other solution to it or how to prevent it. Local admin is disabled when u join domain.
Use netdom command to reset the computer account password if this doesn't work... remove computer from the domain, delete the computer account from active directory users and computers and wait for changes to AD to replicate to all of your DC before rejoining the computer..
ASKER
Here is an update to what I tried based on the above suggestions -
Disconnected the Ethernet cable and tried logging in with local admin account - error message - "Group policy service failed the login. Access is denied."
Tried the same thing in safe mode and after entering the local admin username and password the screen changed to the black screen with safe mode in all four comers and then it went back to the log on screen.
I plugged the Ethernet cable back in and tried Safe Mode with networking and got the exact same result.
Restarted computer and tried logging in normally with local admin account and received the following error - "The security database on the server does not have a computer account for this workstation trust relationship."
Tried logging on as a user and got the same message.
Don't I need to get logged on in order to use the netdom command?
Disconnected the Ethernet cable and tried logging in with local admin account - error message - "Group policy service failed the login. Access is denied."
Tried the same thing in safe mode and after entering the local admin username and password the screen changed to the black screen with safe mode in all four comers and then it went back to the log on screen.
I plugged the Ethernet cable back in and tried Safe Mode with networking and got the exact same result.
Restarted computer and tried logging in normally with local admin account and received the following error - "The security database on the server does not have a computer account for this workstation trust relationship."
Tried logging on as a user and got the same message.
Don't I need to get logged on in order to use the netdom command?
you can run netdom remotely using remote powershell or command prompt.
could be silly, but give it a try... can you pls. try the username as .\<localadmin>
local admin account is disabled. unplug the nic and logon as you would with domain admin account then plug nic back in and un/rejoin domain
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Maybe due to a corrupt Windows installation or some other unknown event, none of the suggested solutions worked and the system had to be reimaged.
i have the same issue but with a difference that i have not seen anyone else have.
I have a machine that I can logon to without any problem, but when another user attempts to log on they get the trust message.
I have a machine that I can logon to without any problem, but when another user attempts to log on they get the trust message.
As for the causes of a trust issue (typically happens on clients), there are many possible causes. A few solutions were posted in this link:
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/windows-7-computers-lose-trust-with-the-domain/2ac6088a-f089-4ed6-9842-865406e4dcf2