Solved

How to fix a broken trust relationship between a server 2008 and a server 2003

Posted on 2014-08-24
Last Modified: 2014-08-28
Today I was adding a new server to my network.  I have several 2K3 servers, one of which is a DC.  I added another server, this one with 2K8 and joined the domain.  After it joined the domain it was having trouble talking to the DC to authenticate users, so I went on to the DC on the Domain Users and Computers screen and clicked on Reset connection for this server.  After that, when trying to log in with a domain account I get denied access with a message stating that "the trust relationship with this computer has been broken".  So, how do I fix this trust relationship?
0
Comment
Question by:samjomoore
8 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 1200 total points
ID: 40282432
Disjoin and rejoin the domain.
0
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 800 total points
ID: 40282439
Did you create the new server using a clone? I think it might be an issue with a duplicate SID.


There might be multiple reasons for this kind of behaviour. Below are listed a few of them:

1. Single SID has been assigned to multiple computers.
2. If the Secure Channel is Broken between Domain controller and workstations
3. If there are no SPN or DNSHost Name mentioned in the computer account attributes
4. Outdated NIC Drivers.

For sure, disjoining and rejoining the computer will resolve the issue.

You may want to understand this behavior. I have a techwiki article on this.

http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx


Thanks,

-Prashant Girennavar.
0
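Added example, not part of the original thread: a read-only PowerShell check for causes 2 and 3 in the list above (broken secure channel, missing SPN or dNSHostName on the computer account). It assumes PowerShell 2.0 or later and an elevated session on the affected member server; the variable names are illustrative.

```powershell
# Added example: read-only diagnostics, nothing is changed on the machine or in AD.
# With a broken trust, log on with a local administrator account; the AD query
# then cannot bind to the domain, so it is wrapped in try/catch.

$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "$($cs.Name) is not joined to a domain."
    return
}

# Cause 2: verify the secure channel between this machine and a domain controller.
$channelOk = Test-ComputerSecureChannel
Write-Output "Secure channel to $($cs.Domain) healthy: $channelOk"

# Cause 3: read dNSHostName and servicePrincipalName from the computer account.
try {
    $filter   = "(&(objectCategory=computer)(sAMAccountName=$($cs.Name)`$))"
    $searcher = [adsisearcher]$filter
    $searcher.PropertiesToLoad.AddRange(@('dnshostname', 'serviceprincipalname', 'pwdlastset'))
    $account  = $searcher.FindOne()

    if ($null -eq $account) {
        Write-Output "No computer account found for $($cs.Name)."
    } else {
        $dns  = $account.Properties['dnshostname']
        $spns = $account.Properties['serviceprincipalname']

        if ($dns)  { Write-Output "dNSHostName: $($dns[0])" }
        else       { Write-Output "dNSHostName: MISSING" }

        if ($spns) { $spns | ForEach-Object { Write-Output "SPN: $_" } }
        else       { Write-Output "servicePrincipalName: MISSING" }

        # pwdLastSet shows when the computer account password last changed.
        $changed = [DateTime]::FromFileTimeUtc([Int64]$account.Properties['pwdlastset'][0])
        Write-Output "Account password last set (UTC): $changed"
    }
} catch {
    Write-Output "Could not query the directory: $($_.Exception.Message)"
}
```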
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40282445
Hitting "reset" on the server in ADUC will break trust every time. I doubt you need to dig into clone/SID issues.
0
 
LVL 1

Author Comment

by:samjomoore
ID: 40282460
Thanks for all your advice.  I disjoined and joined the domain again.  No problem there.  However, when I try to log in with a user account, now I get the message "To log on to this computer, you must be granted the Allow Logon Through Terminal Services right. ..." and it goes on to tell me how I need to have the user belong to the "Remote Desktop Users" group.  Now, this user does belong to that group.  I use that same user to log on to other servers.  What should I be looking into here?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 40282463
If the user is not an admin and this is not for admin purposes, you need to set up Terminal Services. It makes several changes to the local security policy and account settings to allow remote users.
0
 
LVL 1

Author Comment

by:samjomoore
ID: 40282468
It is a terminal server.  There is also a TS license server on the same server.   This was working before this issue with the broken trust happened.  I'll take a look into the local security policy, see what I can figure out.
0
 
LVL 26

Expert Comment

by:Sekar Chinnakannu
ID: 40282504
Make sure you have added the user to the proper group to get access to log in to the server.
0
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 40282731
Make sure the user account is allowed to log on via terminal services. You need to go to gpedit.msc and make the changes.

http://kb.ncomputing.com/kb/To-log-on-to-this-remote-computer-you-must-be-granted-the-Allow-log-on_243.html

Follow the above link and make sure the user has access to this.

Thanks,

-Prashant Girennavar.
0
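Added example, not part of the original thread: a read-only PowerShell check of which accounts hold the "Allow log on through Terminal Services" right on the terminal server, alongside the membership of the local Remote Desktop Users group. It assumes PowerShell 2.0 or later in an elevated session; the temporary file name is illustrative.

```powershell
# Added example: lists the user-rights assignment, changes nothing.
$cfg = Join-Path $env:TEMP 'user_rights_export.inf'   # illustrative file name
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null

# SeRemoteInteractiveLogonRight     = "Allow log on through Terminal Services"
# SeDenyRemoteInteractiveLogonRight = the matching deny right, which takes precedence
$rights = 'SeRemoteInteractiveLogonRight', 'SeDenyRemoteInteractiveLogonRight'
$lines  = Get-Content $cfg

foreach ($right in $rights) {
    $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
    if (-not $line) {
        Write-Output "${right}: (not assigned)"
        continue
    }
    # Entries are comma separated; SIDs are written with a leading '*'.
    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
    foreach ($entry in $entries) {
        try {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($entry)
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $entry   # already an account name, or a SID that does not resolve
        }
        Write-Output "${right}: $name"
    }
}
Remove-Item $cfg

# Resolve the built-in group by its well-known SID so the check also works
# on localized systems, then list its members.
$rduSid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-555')
$rduName = $rduSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]
net localgroup $rduName
```

If the group is missing from SeRemoteInteractiveLogonRight, or the user falls under the deny right, group membership alone will not allow the logon.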
