  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 137

workstations getting trust relationship errors and Macbooks have to reboot multiple times to log in

We had a power outage at one of our three campuses. After the power came on, we started seeing users not able to log in. The Macbooks couldn't log in, with the login window shaking as though it was a bad password. The Macbook users, for the most part, are able to log in if they reboot their Macbook. There are not as many Windows PC users on this domain, but they get an actual error message: "The trust relationship failed...." I have redacted the domain name and IP addresses to post this. Outside the power outage, there hasn't been anything changed to have caused this.

Please note, the domain and IP address information was changed in the log below. The rest of the information is directly from a log entry.
==================================

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          11/11/2016 8:42:59 AM
Event ID:      4771
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Papabear3.domainname.org
Description:
Kerberos pre-authentication failed.

Account Information:
      Security ID:            ACADEMIC\macbookname
      Account Name:            macbookname

Service Information:
      Service Name:            krbtgt/domainname.ORG

Network Information:
      Client Address:            10.20.30.40
      Client Port:            57688

Additional Information:
      Ticket Options:            0x40000000
      Failure Code:            0x18
      Pre-Authentication Type:      2

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:       
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4771</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14339</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-11T14:42:59.136315900Z" />
    <EventRecordID>467467624</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="6644" />
    <Channel>Security</Channel>
    <Computer>Papabear3.domainname.org</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">macbookname</Data>
    <Data Name="TargetSid">S-1-5-21-2135040803-2001415408-48716514-36973</Data>
    <Data Name="ServiceName">krbtgt/domainname.ORG</Data>
    <Data Name="TicketOptions">0x40000000</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">10.20.30.40</Data>
    <Data Name="IpPort">57688</Data>
    <Data Name="CertIssuerName">
    </Data>
    <Data Name="CertSerialNumber">
    </Data>
    <Data Name="CertThumbprint">
    </Data>
  </EventData>
</Event>

===================================
Asked:
BlakeISS
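
Decoding the numeric fields of the 4771 event posted above, as an added example (not part of the original question or its answer): it parses the Event XML and maps Status, PreAuthType and TicketOptions to their RFC 4120 names. The function name, the lookup tables (subsets only) and the trimmed sample event are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Subsets of the RFC 4120 tables the event text refers to (not exhaustive).
KRB_ERRORS = {0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x12: "KDC_ERR_CLIENT_REVOKED",
              0x17: "KDC_ERR_KEY_EXPIRED", 0x18: "KDC_ERR_PREAUTH_FAILED",
              0x25: "KRB_AP_ERR_SKEW"}
PA_TYPES = {2: "PA-ENC-TIMESTAMP", 16: "PA-PK-AS-REQ"}
# KDCOptions is a 32-bit flag field in which bit 0 is the most significant bit.
KDC_OPTION_BITS = {1: "forwardable", 3: "proxiable", 8: "renewable", 27: "renewable-ok"}

# Constructed sample: the event from the post, trimmed to the fields decoded here.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4771</EventID></System>
  <EventData>
    <Data Name="TargetUserName">macbookname</Data>
    <Data Name="TicketOptions">0x40000000</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">10.20.30.40</Data>
    <Data Name="CertThumbprint">
    </Data>
  </EventData>
</Event>"""

def decode_4771(xml_text):
    """Return the 4771 fields with numeric codes mapped to RFC 4120 names."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4771":
        raise ValueError("not a 4771 (Kerberos pre-authentication failed) event")
    # Empty certificate fields arrive as whitespace-only text, so strip them.
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    status = int(data["Status"], 16)
    options = int(data["TicketOptions"], 16)
    pa_type = int(data["PreAuthType"])
    return {
        "account": data["TargetUserName"],
        "client": data["IpAddress"],
        "failure": KRB_ERRORS.get(status, f"unlisted (0x{status:x})"),
        "preauth": PA_TYPES.get(pa_type, f"unlisted ({pa_type})"),
        "options": [name for bit, name in KDC_OPTION_BITS.items()
                    if options & (1 << (31 - bit))],
        "certificate_used": bool(data.get("CertThumbprint")),
    }

if __name__ == "__main__":
    for field, value in decode_4771(SAMPLE_EVENT).items():
        print(f"{field}: {value}")
```

For the posted event this gives KDC_ERR_PREAUTH_FAILED with PA-ENC-TIMESTAMP, meaning the KDC could not validate the encrypted timestamp with the key it holds for that account.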
1 Solution
 
Mohammed Khawaja Commented:
You could go to the affected computer properties, click on change domain membership and re-enter the domain name (i.e. if domain name is xyz.local then enter xyz and if domain shows xyz then enter xyz.local) and this will reset the trust relationship.  Your other option would be to remove PC from domain (i.e. join it to a workgroup) and then rejoin the domain.

Don't know what happened but this should fix it.