AYR IT
asked on
Why do Server's and workstations at our main site keep losing trust relationship
Lately we have been dealing with increasing amounts of workstations and servers that are losing trust relationship with our domain. Our Functional Forest level is Server 2012, and all of the affected machines range from Windows Server 2008 to Windows Server 2016, as well as Windows 10 on the workstations. I know that the Computer Machine Password gets reset every 30 days, but I have deployed a computer to a new user ( no image used to create the PC, it was a barebones windows install with the whole setup done manually) and within 1 week of that user starting, she received a domain trust relationship error. This recently happened to our Exchange server which is Server 2008 and the Reset-ComputerMachinePassw ord command did not work and we had to remove and re-add to the domain, so part of me thinks that it is the machine password and part of me thinks its an issue with some other networking component. We have three sites and so far the main site that I am located in is the only one to have these types of trust relationship issues. When speaking with Microsoft they said it is because the machine cannot find the domain controller, but they gave no evidence or a process to follow to try and pinpoint why this is the case. Is anyone else dealing with a similar issue?
Is the time syncing correctly across the domain?
Well, I doubt they will even give you the information since this is not a "support case" it's more like a project.
And yes when you lose connectivity with the domain controller, then Relationship issues start to happen.
They can be mostly related to networking.
So check the networking and ports, here's an extensive list of the ports that should be open between the 3 sites (to maintain domain controllers in touch)
https://support.microsoft.com/en-gb/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
So start testing the ports and make sure they're open, another point is to send traffic over and make sure that is being received.
discard the networking part, or start changing parts, check cables and connectors.
And check Replication between DCs on different sites probably is there the problem, on the AD replication
And yes when you lose connectivity with the domain controller, then Relationship issues start to happen.
They can be mostly related to networking.
So check the networking and ports, here's an extensive list of the ports that should be open between the 3 sites (to maintain domain controllers in touch)
https://support.microsoft.com/en-gb/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
So start testing the ports and make sure they're open, another point is to send traffic over and make sure that is being received.
discard the networking part, or start changing parts, check cables and connectors.
And check Replication between DCs on different sites probably is there the problem, on the AD replication
ASKER
yes our PDC receives the time from an external time server and then the rest of our machine sync time with the PDC
ASKER
We have checked AD replication and there are no errors at all, and Microsoft actually confirmed that they don't see any replication errors. we also are not blocking any traffic internally so all the ports that we need shouldn't be an issue, but I will go and manually test these ports just to make sure
If firewall exists between clients and dc, then port needs to be tested
U can use microsoft portqueryui tool and from client machine run the tool and run "domains and trust" test against dc ip
Also check you ad sites to service subnet assignments and ensure that all subnets are attached to appropriate ad site and clients are indeed reporting to intended domain controllers
Run %logonserver% from client machine to make sure it is reporting to dcs in same site as client subnet
Also check dns search suffix list if configured on clients, if yes, ensure 1st domain in the list is your ad domain, otherwise that would be issue for authentication
And lastly ensure that there is no public dns servers listed on clients network cards either manually or through dhcp
U can use microsoft portqueryui tool and from client machine run the tool and run "domains and trust" test against dc ip
Also check you ad sites to service subnet assignments and ensure that all subnets are attached to appropriate ad site and clients are indeed reporting to intended domain controllers
Run %logonserver% from client machine to make sure it is reporting to dcs in same site as client subnet
Also check dns search suffix list if configured on clients, if yes, ensure 1st domain in the list is your ad domain, otherwise that would be issue for authentication
And lastly ensure that there is no public dns servers listed on clients network cards either manually or through dhcp
ASKER
I have used the port tool to test with my machines connection to both DC's in our environment and there were no issues in the queries. When I run %logonserver% it does indeed take me to the DC that is at my site location. Should DNS settings look like the image attached of my workstations?
dns-settings.JPG
dns-settings.JPG
you can't find public dns servers or dns search suffix list with above screen shot
Pl post here ipconfig /all output
Pl post here ipconfig /all output
ASKER
Windows IP Configuration
Host Name . . . . . . . . . . . . : LTUS1898-1
Primary Dns Suffix . . . . . . . : aircastleinv.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : aircastleinv.com
Ethernet adapter Ethernet 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PANGP Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 02-50-41-00-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : aircastleinv.com
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-LM
Physical Address. . . . . . . . . : 8C-16-45-8E-12-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 38-DE-AD-DC-85-2B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 3A-DE-AD-DC-85-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d4f0:342f:9c36:e831% 15(Preferr ed)
IPv4 Address. . . . . . . . . . . : 192.168.30.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 28, 2019 8:36:04 AM
Lease Expires . . . . . . . . . . : Thursday, February 28, 2019 1:50:45 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.30.254
DHCPv6 IAID . . . . . . . . . . . : 721440854
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C3-C6-E3-8C -16-45-8E- 12-EE
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c14e:57cc:42fa:efc%1 1(Preferre d)
IPv4 Address. . . . . . . . . . . : 192.168.158.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 28, 2019 8:36:04 AM
Lease Expires . . . . . . . . . . : Thursday, February 28, 2019 1:50:49 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.158.254
DHCPv6 IAID . . . . . . . . . . . : 738218070
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C3-C6-E3-8C -16-45-8E- 12-EE
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Primary WINS Server . . . . . . . : 192.168.158.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Ethernet 5:
Connection-specific DNS Suffix . : aircastleinv.com
Description . . . . . . . . . . . : ThinkPad USB-C Dock Ethernet
Physical Address. . . . . . . . . : 3C-E1-A1-4C-A2-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::54f7:2e5e:48a5:bc02% 9(Preferre d)
IPv4 Address. . . . . . . . . . . : 10.7.16.157(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 28, 2019 8:36:09 AM
Lease Expires . . . . . . . . . . : Friday, March 1, 2019 10:35:53 AM
Default Gateway . . . . . . . . . : 10.7.16.1
DHCP Server . . . . . . . . . . . : 10.7.1.20
DHCPv6 IAID . . . . . . . . . . . : 842850721
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C3-C6-E3-8C -16-45-8E- 12-EE
DNS Servers . . . . . . . . . . . : 10.7.1.21
10.7.1.20
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : aircastleinv.com
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265
Physical Address. . . . . . . . . : 38-DE-AD-DC-85-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 38-DE-AD-DC-85-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Host Name . . . . . . . . . . . . : LTUS1898-1
Primary Dns Suffix . . . . . . . : aircastleinv.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : aircastleinv.com
Ethernet adapter Ethernet 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PANGP Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 02-50-41-00-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : aircastleinv.com
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-LM
Physical Address. . . . . . . . . : 8C-16-45-8E-12-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 38-DE-AD-DC-85-2B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 3A-DE-AD-DC-85-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d4f0:342f:9c36:e831%
IPv4 Address. . . . . . . . . . . : 192.168.30.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 28, 2019 8:36:04 AM
Lease Expires . . . . . . . . . . : Thursday, February 28, 2019 1:50:45 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.30.254
DHCPv6 IAID . . . . . . . . . . . : 721440854
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C3-C6-E3-8C
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c14e:57cc:42fa:efc%1
IPv4 Address. . . . . . . . . . . : 192.168.158.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 28, 2019 8:36:04 AM
Lease Expires . . . . . . . . . . : Thursday, February 28, 2019 1:50:49 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.158.254
DHCPv6 IAID . . . . . . . . . . . : 738218070
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C3-C6-E3-8C
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Primary WINS Server . . . . . . . : 192.168.158.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Ethernet 5:
Connection-specific DNS Suffix . : aircastleinv.com
Description . . . . . . . . . . . : ThinkPad USB-C Dock Ethernet
Physical Address. . . . . . . . . : 3C-E1-A1-4C-A2-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::54f7:2e5e:48a5:bc02%
IPv4 Address. . . . . . . . . . . : 10.7.16.157(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 28, 2019 8:36:09 AM
Lease Expires . . . . . . . . . . : Friday, March 1, 2019 10:35:53 AM
Default Gateway . . . . . . . . . : 10.7.16.1
DHCP Server . . . . . . . . . . . : 10.7.1.20
DHCPv6 IAID . . . . . . . . . . . : 842850721
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-C3-C6-E3-8C
DNS Servers . . . . . . . . . . . : 10.7.1.21
10.7.1.20
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : aircastleinv.com
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265
Physical Address. . . . . . . . . : 38-DE-AD-DC-85-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 38-DE-AD-DC-85-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
This machine has lot of network adapter and may be victim of multi homed computer can cause trust error
You need to disable all unwanted network adapter and check for this specific machine
but what about servers, are they have all static IPs and pointing to only internal dns servers and do they configured with dns search suffix list group policies where local ad name is not 1st in the list?
You need to disable all unwanted network adapter and check for this specific machine
but what about servers, are they have all static IPs and pointing to only internal dns servers and do they configured with dns search suffix list group policies where local ad name is not 1st in the list?
ASKER
Our servers all have static IP's that are handed by an internal DNS server. Below is a ipconfig /all for one of the servers that currently just got hit with the problem. There is only one network adapter listed for this server under the control panel.
C:\Users\Administrator>ipc onfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : CT-SASMETATEST
Primary Dns Suffix . . . . . . . : aircastleinv.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : aircastleinv.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
Physical Address. . . . . . . . . : 00-50-56-AA-4C-CB
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.7.1.198(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.7.1.1
DNS Servers . . . . . . . . . . . : 10.7.1.21
10.7.1.20
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{42213428-2F7D-47D0 -B424-A726 9EEBC8B6}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : CT-SASMETATEST
Primary Dns Suffix . . . . . . . : aircastleinv.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : aircastleinv.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connectio
Physical Address. . . . . . . . . : 00-50-56-AA-4C-CB
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.7.1.198(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.7.1.1
DNS Servers . . . . . . . . . . . : 10.7.1.21
10.7.1.20
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{42213428-2F7D-47D0
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
can you post from PDC below
dcdiag /v from elevated cmd?
also need:
repadmin /replsum * /bysrc /bydest /sort:delta
dcdiag /v from elevated cmd?
also need:
repadmin /replsum * /bysrc /bydest /sort:delta
ASKER
Beginning data collection for replication summary, this may take awhile:
............
Source DSA largest delta fails/total %% error
DR-DC1 12m:23s 0 / 10 0
DR-DC2 12m:23s 0 / 5 0
SG-DC1 12m:23s 0 / 23 0
CT-DC2 12m:04s 0 / 13 0
CT-DC1 11m:44s 0 / 8 0
SG-DC2 08m:17s 0 / 5 0
IE-DC2 08m:10s 0 / 10 0
IE-DC1 04m:18s 0 / 5 0
Destination DSA largest delta fails/total %% error
DR-DC2 12m:30s 0 / 10 0
DR-DC1 12m:30s 0 / 5 0
CT-DC1 12m:04s 0 / 5 0
CT-DCRO 11m:58s 0 / 9 0
CT-DC2 10m:39s 0 / 10 0
SG-DC2 10m:35s 0 / 5 0
SG-DC1 08m:18s 0 / 20 0
IE-DC2 04m:31s 0 / 5 0
IE-DC1 03m:22s 0 / 10 0
dcdiag.txt
............
Source DSA largest delta fails/total %% error
DR-DC1 12m:23s 0 / 10 0
DR-DC2 12m:23s 0 / 5 0
SG-DC1 12m:23s 0 / 23 0
CT-DC2 12m:04s 0 / 13 0
CT-DC1 11m:44s 0 / 8 0
SG-DC2 08m:17s 0 / 5 0
IE-DC2 08m:10s 0 / 10 0
IE-DC1 04m:18s 0 / 5 0
Destination DSA largest delta fails/total %% error
DR-DC2 12m:30s 0 / 10 0
DR-DC1 12m:30s 0 / 5 0
CT-DC1 12m:04s 0 / 5 0
CT-DCRO 11m:58s 0 / 9 0
CT-DC2 10m:39s 0 / 10 0
SG-DC2 10m:35s 0 / 5 0
SG-DC1 08m:18s 0 / 20 0
IE-DC2 04m:31s 0 / 5 0
IE-DC1 03m:22s 0 / 10 0
dcdiag.txt
ASKER
So we have been able to run a powershell script that shows when the last time a workstation or server had its computer account password reset. With this we can figure out when we will likely receive the trust relationship error. We still have not come any closer to a solution or tracking down why some machines are having a hard time contacting a DC to reset the machine password. Is there an event or process that makes that happen? For example do the machines need to be rebooted, or do they need to run a gpupdate in order to reset the machine password? Some of our servers have not been receiving a reboot command we have been sending out and I just want to know if that could be our issue.
ASKER
when using nltest I received the following output to determine the failures for all DC-specific DNS records
I_NetLogonControl failed: Status = 50 0x32 ERROR_NOT_SUPPORTED
this is on a machine that has not had the password reset in over 59 days, but we have not yet received the trust relationship error
I_NetLogonControl failed: Status = 50 0x32 ERROR_NOT_SUPPORTED
this is on a machine that has not had the password reset in over 59 days, but we have not yet received the trust relationship error
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.