Solved

workstations getting trust relationship errors and Macbooks have to reboot multiple times to log in

Posted on 2016-11-11
1
111 Views
Last Modified: 2016-11-12
We had a power outtage at one of our three campuses. After the power came on, we started seeing users not able to log in. The Macbooks, couldn't log in with the login window shaking as though it was a bad password. The Macbook users for the most part, are able to log in if they reboot their Macbook.  There are not as many Windows PC users on this domain, but they get an actual error message        " The trust relationship failed...." I have redacted the domain name and ip addresses to post this.  Outside the power outtage, there hasn't been anything changed to have caused this.

Please note, the domain and ip address information was changed in the log below. The rest of the information is directly from a log entry.
==================================

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          11/11/2016 8:42:59 AM
Event ID:      4771
Task Category: Kerberos Authentication Service
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Papabear3.domainname.org
Description:
Kerberos pre-authentication failed.

Account Information:
      Security ID:            ACADEMIC\macbookname
      Account Name:            macbookname

Service Information:
      Service Name:            krbtgt/domainname.ORG

Network Information:
      Client Address:            10.20.30.40
      Client Port:            57688

Additional Information:
      Ticket Options:            0x40000000
      Failure Code:            0x18
      Pre-Authentication Type:      2

Certificate Information:
      Certificate Issuer Name:            
      Certificate Serial Number:       
      Certificate Thumbprint:            

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4771</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14339</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-11T14:42:59.136315900Z" />
    <EventRecordID>467467624</EventRecordID>
    <Correlation />
    <Execution ProcessID="552" ThreadID="6644" />
    <Channel>Security</Channel>
    <Computer>Papabear3.domainname.org</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">macbookname</Data>
    <Data Name="TargetSid">S-1-5-21-2135040803-2001415408-48716514-36973</Data>
    <Data Name="ServiceName">krbtgt/domainname.ORG</Data>
    <Data Name="TicketOptions">0x40000000</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="PreAuthType">2</Data>
    <Data Name="IpAddress">10.20.30.40</Data>
    <Data Name="IpPort">57688</Data>
    <Data Name="CertIssuerName">
    </Data>
    <Data Name="CertSerialNumber">
    </Data>
    <Data Name="CertThumbprint">
    </Data>
  </EventData>
</Event>

===================================
0
Comment
Question by:BlakeISS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 500 total points
ID: 41884574
You could go to the affected computer properties, click on change domain membership and re-enter the the domain name (i.e. if domain name is xyz.local then enter xyz and if domain shows xyz then enter xyz.local) and this will reset the trust relationship.  Your other option would be to remove PC from domain (i.e. join it to a workgroup) and then rejoin the domain.

Don't know what happened but this should fix it.
1

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question