How to fix a broken trust relationship between a server 2008 and a server 2003

Today I was adding a new server to my network. I have several 2K3 servers, one of which is a DC. I added another server, this one with 2K8 and joined the domain. After it joined the domain it was having trouble talking to the DC to authenticate users, so I went on to the DC on the Domain Users and Computers screen and clicked on Reset connection for this server. After that, when trying to log in with a domain account I get denied access with a message stating that "the trust relationship with this computer has been broken". So, how do I fix this trust relationship?
samjomoore Asked:

Cliff Galiher Commented:
Disjoin and rejoin the domain.
0

Prashant Girennavar Commented:
Did you create the new server using a clone? I think it might be an issue with a duplicate SID.


There might be multiple reasons for this kind of behaviour. Below are listed a few of them:

1. A single SID has been assigned to multiple computers.
2. The secure channel is broken between the domain controller and workstations.
3. There is no SPN or DNSHostName set in the computer account attributes.
4. Outdated NIC drivers.

For sure, disjoining and rejoining the computer will resolve the issue.

You may want to understand this behavior. I have a techwiki article on this.

http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx


Thanks,

-Prashant Girennavar.
0
Cliff Galiher Commented:
Hitting "reset" on the server in ADUC will break trust every time. I doubt you need to dig into clone/SID issues.
0
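Added example, not part of any post in this thread: a check of the secure channel that the comments above say is broken by an ADUC reset, with an in-place repair attempt before falling back to disjoin and rejoin. It assumes PowerShell 3.0 or later, an elevated session under a local administrator logon on the member server, and a placeholder domain controller name.

```powershell
# Added example. $DomainController is a placeholder, not a value from the thread.
param(
    [string]$DomainController = 'DC01.example.local'
)

function Test-Channel {
    # $true when the machine account secret stored locally still matches the one in AD.
    try   { [bool](Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop) }
    catch { Write-Warning "Secure channel test failed: $($_.Exception.Message)"; $false }
}

$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "$($cs.Name) is not domain joined; join it rather than repairing."
    return
}

if (Test-Channel) {
    Write-Output "Secure channel to $($cs.Domain) is healthy; the logon failure has another cause."
    return
}

Write-Output "Secure channel to $($cs.Domain) is broken; attempting repair."
# Prompt for a domain account that may reset this computer account; nothing is stored.
$cred = Get-Credential -Message 'Domain account allowed to reset this computer account'
try {
    $repaired = Test-ComputerSecureChannel -Repair -Server $DomainController `
                    -Credential $cred -ErrorAction Stop
} catch {
    Write-Warning "Repair failed: $($_.Exception.Message)"
    $repaired = $false
}

# Independent check: ask Netlogon to verify the channel to the domain.
& nltest.exe "/sc_verify:$($cs.Domain)"

if ($repaired -and (Test-Channel)) {
    Write-Output 'Secure channel repaired; domain logons should work again.'
} else {
    Write-Warning 'Still broken; disjoin and rejoin the domain as suggested in the thread.'
}
```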

samjomoore Author Commented:
Thanks for all your advice. I disjoined and joined the domain again. No problem there. However, when I try to log in with a user account, now I get the message "To log on to this computer, you must be granted the Allow Logon Through Terminal Services right. ..." and it goes on to tell me how I need to have the user belong to the "Remote Desktop Users" group. Now, this user does belong to that group. I use that same user to log on to other servers. What should I be looking into here?
0
Cliff Galiher Commented:
If the user is not an admin and this is not for admin purposes, you need to set up Terminal Services. It makes several changes to the local security policy and account settings to allow remote users.
0
samjomoore Author Commented:
It is a terminal server. There is also a TS license server on the same server. This was working before this issue with the broken trust happened. I'll take a look into the local security policy, see what I can figure out.
0
Sekar Chinnakannu (Staff Engineer) Commented:
Make sure you have added the user to the proper group to get access to log in to the server.
0
Prashant Girennavar Commented:
Make sure the user account is allowed to log on via Terminal Services. You need to go to gpedit.msc and make the changes.

http://kb.ncomputing.com/kb/To-log-on-to-this-remote-computer-you-must-be-granted-the-Allow-log-on_243.html

Follow the above link and make sure the user has access to this.

Thanks,

-Prashant Girennavar.
0
Question has a verified solution.