Solved

workstations getting trust relationship errors and Macbooks have to reboot multiple times to log in

Posted on 2016-11-11
1
44 Views
Last Modified: 2016-11-12
We had a power outtage at one of our three campuses. After the power came on, we started seeing users not able to log in. The Macbooks, couldn't log in with the login window shaking as though it was a bad password. The Macbook users for the most part, are able to log in if they reboot their Macbook.  There are not as many Windows PC users on this domain, but they get an actual error message        " The trust relationship failed...." I have redacted the domain name and ip addresses to post this.  Outside the power outtage, there hasn't been anything changed to have caused this.

Please note, the domain and ip address information was changed in the log below. The rest of the information is directly from a log entry.
==================================

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          11/11/2016 8:42:59 AM
Event ID:      4771
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Papabear3.domainname.org
Description:
Kerberos pre-authentication failed.

Account Information:
      Security ID:            ACADEMIC\macbookname
      Account Name:            macbookname

Service Information:
      Service Name:            krbtgt/domainname.ORG

Network Information:
      Client Address:            10.20.30.40
      Client Port:            57688

Additional Information:
      Ticket Options:            0x40000000
      Failure Code:            0x18
      Pre-Authentication Type:      2

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:       
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4771</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14339</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-11T14:42:59.136315900Z" />
    <EventRecordID>467467624</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="6644" />
    <Channel>Security</Channel>
    <Computer>Papabear3.domainname.org</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">macbookname</Data>
    <Data Name="TargetSid">S-1-5-21-2135040803-2001415408-48716514-36973</Data>
    <Data Name="ServiceName">krbtgt/domainname.ORG</Data>
    <Data Name="TicketOptions">0x40000000</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">10.20.30.40</Data>
    <Data Name="IpPort">57688</Data>
    <Data Name="CertIssuerName">
    </Data>
    <Data Name="CertSerialNumber">
    </Data>
    <Data Name="CertThumbprint">
    </Data>
  </EventData>
</Event>

===================================
0
Comment
Question by:BlakeISS
1 Comment
 
LVL 24

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
Comment Utility
You could go to the affected computer properties, click on change domain membership and re-enter the the domain name (i.e. if domain name is xyz.local then enter xyz and if domain shows xyz then enter xyz.local) and this will reset the trust relationship.  Your other option would be to remove PC from domain (i.e. join it to a workgroup) and then rejoin the domain.

Don't know what happened but this should fix it.
1

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now