Samantha Moore

asked on

How to fix a broken trust relationship between a server 2008 and a server 2003

Today I was adding a new server to my network.  I have several 2K3 servers, one of which is a DC.  I added another server, this one with 2K8 and joined the domain.  After it joined the domain it was having trouble talking to the DC to authenticate users, so I went on to the DC on the Domain Users and Computers screen and clicked on Reset connection for this server.  After that, when trying to log in with a domain account I get denied access with a message stating that "the trust relationship with this computer has been broken".  So, how do I fix this trust relationship?
ASKER CERTIFIED SOLUTION
Cliff Galiher
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hitting "reset" on the server in ADUC will break trust every time. I doubt you need to dig into clone/SID issues.

ASKER

Thanks for all your advice.  I disjoined and joined the domain again.  No problem there.  However, when I try to log in with a user account, now I get the message "To log on to this computer, you must be granted the Allow Logon Through Terminal Services right." ... and it goes on to tell me how I need to have the user belong to the "Remote Desktop Users" group.  Now, this user does belong to that group.  I use that same user to log on to other servers.  What should I be looking into here?
If the user is not an admin and this is not for admin purposes, you need to set up Terminal Services. It makes several changes to the local security policy and account settings to allow remote users.
It is a terminal server.  There is also a TS license server on the same server.   This was working before this issue with the broken trust happened.  I'll take a look into the local security policy, see what I can figure out.
Make sure you have added the user to the proper group to get access to log in to the server.
Make sure the user account is allowed to log on via Terminal Services. You need to go to gpedit.msc and make the changes.

http://kb.ncomputing.com/kb/To-log-on-to-this-remote-computer-you-must-be-granted-the-Allow-log-on_243.html

Follow the above link and make sure the user has access to this.

Thanks,

-Prashant Girennavar.
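
The local security policy check suggested in the replies above can be done against an export of the server's user rights. This is an added example, not part of the original thread: it parses the `[Privilege Rights]` section written by `secedit /export /cfg rights.inf /areas USER_RIGHTS` and reports whether the right named in the error message is actually granted. The file name `rights.inf`, the function names and the sample export are assumptions constructed for illustration.

```python
# Added example: audit Terminal Services logon rights in a secedit export.
# Input: text of the file written by
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# (secedit writes UTF-16; read it with open(path, encoding="utf-16")).

ALLOW = "SeRemoteInteractiveLogonRight"     # Allow log on through Terminal Services
DENY = "SeDenyRemoteInteractiveLogonRight"  # Deny log on through Terminal Services
ADMINISTRATORS = "S-1-5-32-544"             # well-known SID, BUILTIN\Administrators
REMOTE_DESKTOP_USERS = "S-1-5-32-555"       # well-known SID, BUILTIN\Remote Desktop Users

# Constructed sample: the allow right is held by Administrators only.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_privilege_rights(inf_text):
    """Return {right name: set of principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading '*'; account names appear without one.
            rights[name.strip()] = {p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()}
    return rights

def check_ts_logon(inf_text, principals):
    """principals: SIDs/names of the user and every group the user is in."""
    rights = parse_privilege_rights(inf_text)
    allowed, denied = rights.get(ALLOW, set()), rights.get(DENY, set())
    principals = set(principals)
    findings = []
    if not allowed & principals:
        findings.append("no principal of the user holds " + ALLOW)
    if REMOTE_DESKTOP_USERS not in allowed:
        findings.append("Remote Desktop Users is missing from " + ALLOW)
    for p in sorted(denied & principals):
        findings.append(p + " is listed in " + DENY + " (deny wins)")
    return findings

if __name__ == "__main__":
    for f in check_ts_logon(SAMPLE_INF, {REMOTE_DESKTOP_USERS}):
        print("FINDING:", f)
```

An empty result means group membership and the user right agree. Any finding points at the policy entry to correct in gpedit.msc.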