The trust relationship between this workstation and the primary domain controller failed.

We have a Windows 2003 Standard domain controller which is going to be replaced in a few weeks when we have an outage window. Over the past week we have had issues with several workstations displaying the messages the the trust relationship between the workstation and the primary domain controller has failed.

In a few instances we've had the user shut down their workstation, pull the power and network cables for a few seconds and then boot and log in - usually no problem. There have been a few users where the resolution isn't that easy - in fact we've had to remove the workstation from Active Directory and re-join.

This issue is repeating itself on some of the problem workstations. I have also tried resetting the workstation account and rebooting the workstation, but that hasn't helped.

Has anybody run into this issue and if so is there a solution that will prevent this issue from re-occurring?

Thanks in advance for any help.
Poly11Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
How is your overall DC health? Run the following commands...
repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v

Also, when you encounter this issue can you run the following command from the domain controller.

netdom verify <computername> /Domain:domain.com /UserO:administrator /PasswordO:*

Open in new window


When you run that command press enter and type in the password to whatever account you are using. This command will check and make sure that the computer account has in fact lost its trust with the domain.

Another thing, I see this type of issue a lot when workstations or servers are not properly syspreped and added to the domain. Properly syspreping machines is critical and if not done properly can create these kind of issues.

Also checking the logs on the workstation as well would be a good indicator of what is going on.

Will.
WORKS2011Managed IT, Cyber Security, BackupCommented:
I would check the computer anti-virus or 3rd party anti-virus / malware software.

I saw this on one computer in a SBS2008 domain and it happened twice. I found it interesting that the same computer only encountered this issue. Looking into it further the user installed a 3rd party app which caused the issue. It was something like Malwarebytes but different (can't recall the name) it made a change to the firewall in the registry which caused the issue. After removing the 3rd part app it never happened again.
Poly11Author Commented:
Thanks for the replies. Netdom is not installed with Windows Server 2003 (at least what I am reading).

The affected workstation did have Malwarebytes installed. I did remove it and reboot, however still getting the same error. The affected workstation is running Windows 8.1 Pro.

Thanks
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

WORKS2011Managed IT, Cyber Security, BackupCommented:
it's likely something with IPv6 and the 2003 server, how long until you can replace it?

Removed the software, removed the computer from the domain, add back then monitor to see if it happens again.

I also changed the computer name to make sure there was no confusion with the SID in AD.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Commented:
Are all the workstations having the problem running Windows 8? Also have you checked DNS to see if the workstation have multiple DNS records listed.
Poly11Author Commented:
We removed the problem workstations from the domain and changed their names, but the problem happened again. After we disabled IPV6 and repeated the process the problem hasn't come back. Thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.