Solved

workstations getting trust relationship errors and Macbooks have to reboot multiple times to log in

Posted on 2016-11-11
1
90 Views
Last Modified: 2016-11-12
We had a power outtage at one of our three campuses. After the power came on, we started seeing users not able to log in. The Macbooks, couldn't log in with the login window shaking as though it was a bad password. The Macbook users for the most part, are able to log in if they reboot their Macbook.  There are not as many Windows PC users on this domain, but they get an actual error message        " The trust relationship failed...." I have redacted the domain name and ip addresses to post this.  Outside the power outtage, there hasn't been anything changed to have caused this.

Please note, the domain and ip address information was changed in the log below. The rest of the information is directly from a log entry.
==================================

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          11/11/2016 8:42:59 AM
Event ID:      4771
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Papabear3.domainname.org
Description:
Kerberos pre-authentication failed.

Account Information:
      Security ID:            ACADEMIC\macbookname
      Account Name:            macbookname

Service Information:
      Service Name:            krbtgt/domainname.ORG

Network Information:
      Client Address:            10.20.30.40
      Client Port:            57688

Additional Information:
      Ticket Options:            0x40000000
      Failure Code:            0x18
      Pre-Authentication Type:      2

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:       
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4771</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14339</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-11T14:42:59.136315900Z" />
    <EventRecordID>467467624</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="6644" />
    <Channel>Security</Channel>
    <Computer>Papabear3.domainname.org</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">macbookname</Data>
    <Data Name="TargetSid">S-1-5-21-2135040803-2001415408-48716514-36973</Data>
    <Data Name="ServiceName">krbtgt/domainname.ORG</Data>
    <Data Name="TicketOptions">0x40000000</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">10.20.30.40</Data>
    <Data Name="IpPort">57688</Data>
    <Data Name="CertIssuerName">
    </Data>
    <Data Name="CertSerialNumber">
    </Data>
    <Data Name="CertThumbprint">
    </Data>
  </EventData>
</Event>

===================================
0
Comment
Question by:BlakeISS
1 Comment
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 41884574
You could go to the affected computer properties, click on change domain membership and re-enter the the domain name (i.e. if domain name is xyz.local then enter xyz and if domain shows xyz then enter xyz.local) and this will reset the trust relationship.  Your other option would be to remove PC from domain (i.e. join it to a workgroup) and then rejoin the domain.

Don't know what happened but this should fix it.
1

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question