How To Fix Domain Trust Issues in Active Directory

How To Fix Domain Trust Issues in Active Directory. I tried the steps below with no luck. I also need to know the reason for the trust relationship error.

1.      Try to reset the computer account and check.
2.      Try to run this PS command on the client machine: Test-ComputerSecureChannel -Server DC -Verbose and make sure the output returns True.
- If the command output returns False, proceed with the next step.
- Repair the trust relationship of the client machine using the PS command.
- Run Test-ComputerSecureChannel -Server DC -Repair -Verbose
3.      The last option is to disjoin and rejoin the machine manually to ad.domain.com

 I NEED HELP TO FIX THE ISSUE WITHOUT REJOINING MACHINE TO DOMAIN
sureshkumarit Asked:

Sekar Chinnakannu, Staff Engineer, Commented:
Try to reset the computer using the netdom.exe command:

netdom resetpwd /s:DOMAINCONTROLLER /ud:domain\USERID /pd:PASSWORD
0
Sandeshdubey, Senior Server Engineer, Commented:
It seems to be a DNS name resolution issue. The error message 'The trust relationship between this workstation and the primary domain failed or secure channel is broken' indicates that the secure channel between the client server and DC is broken. This could be due to multiple reasons.


(1) Check the DNS & WINS entries?
DNS configuration on clients and member servers:
-----------------------------------
1. Each workstation/member server should point to local DNS server as primary DNS and other remote DNS servers as secondary.
2. Do not set public DNS server in TCP/IP setting of WS.

(2) Check whether the Firewall service is ON or OFF?
Refer to this link to disable the firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

(3) Check the status of the Browser service?
It should be started.

(4) Check the status of the machine's account in the AD? (It may be disabled.)
If the machine account is disabled, enable the same.

(5) Try using netdom utility to reset the secure channel between the client & the domain controller?
http://support.microsoft.com/kb/260575

(6) Else remove the client from the domain & re-add it to the domain

(7) Also check the DNS console for duplicate records for the host machine and remove the same.
Note: It could be due to AV (McAfee, Symantec, Trend, etc.) or a 3rd-party security application which acts as a firewall and blocks AD communication. AV like Symantec, Trend, etc. have new features to "protect network traffic". Please check the AV settings and disable the same if defined.

Take a look at the hotfix below too. A secure channel is broken after you change the computer password on a Windows 7 or Windows Server 2008 R2-based client computer: http://support.microsoft.com/kb/979495

Hope this helps
0
sureshkumarit Author Commented:
C:\windows\system32>netdom resetpwd /s: DOMAIN CONTROLLER /ud: DOMAIL\USERID /pd:*
Type the password associated with the domain user:

The machine account password for the local machine could not be reset.

Logon failure: unknown user name or bad password.

The command failed to complete successfully.

I am sure I am trying the correct password. I am getting this output; can you please help? Do I need to use a domain admin account to reset the computer account from the client machine?
0
David Johnson, CD, MVP, Owner, Commented:
Yes, you should use a domain admin.
0
sureshkumarit Author Commented:
Excellent working
0
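
The repair-without-rejoin sequence discussed in this thread (name resolution check, Test-ComputerSecureChannel, then a machine password reset with a domain account), as an added PowerShell example that is not part of any participant's post. It prompts for the credential with Get-Credential so the password never appears on the command line as it does with /pd:PASSWORD. Assumptions: elevated Windows PowerShell 3.0 to 5.1 on the affected client (these cmdlets are not in PowerShell 7), and DC01.ad.domain.com is a placeholder domain controller name.

```powershell
#Requires -RunAsAdministrator
# Added example: repair a broken secure channel without rejoining the domain.
# Assumption: 'DC01.ad.domain.com' is a placeholder; pass your own DC name.
param(
    [string]$DomainController = 'DC01.ad.domain.com'
)

function Repair-SecureChannel {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][pscredential]$Credential
    )

    # Name resolution first: a client that cannot resolve the DC cannot
    # repair its channel, and the fix is then in the DNS client settings.
    try {
        [void][System.Net.Dns]::GetHostAddresses($Server)
    } catch {
        throw "Cannot resolve $Server. Check the DNS servers configured on this client."
    }

    # A channel that already verifies needs no change.
    if (Test-ComputerSecureChannel -Server $Server -Verbose) { return 'Healthy' }

    # First attempt: in-place repair using the supplied domain credential.
    if (Test-ComputerSecureChannel -Server $Server -Repair -Credential $Credential -Verbose) {
        return 'Repaired'
    }

    # Fallback: reset the machine account password against the DC
    # (the PowerShell counterpart of netdom resetpwd), then verify again.
    Reset-ComputerMachinePassword -Server $Server -Credential $Credential -ErrorAction Stop
    if (Test-ComputerSecureChannel -Server $Server -Verbose) { return 'PasswordReset' }

    return 'Failed'
}

# Get-Credential prompts interactively; the password is held as a SecureString.
$cred = Get-Credential -Message 'Domain account allowed to reset this computer account'
Repair-SecureChannel -Server $DomainController -Credential $cred
```

A result of 'Failed' leaves the items from the checklist above to review: a disabled computer account, duplicate DNS records, or blocked traffic to the domain controller.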