Tim Livers
asked on
fix for 'no computer account for domain trust relationship' domain login error
Microsoft updates claimed another machine. this domain workstation this morning gives the 'no computer account for trust relationship' error refusing login to domain network/server. i can disconnect the Ethernet cable, log in, reconnect the cable and all is perfect. this is a doc workstation with client server patient management, xray, patient charts, plus all the usual suspects. 6 mo old Dell 640 single Server 2016 domain controller, dhcp role, dns role, os raid 1, data 8 drive raid 6. medium size dental practice.
i know to recreate the trust the hard way but will recreate user and loose his desktop, setting etc which i would prefer to avoid as would he.
can i reestablish the computer account trust via a simpler and less destructive procedure?
i know to recreate the trust the hard way but will recreate user and loose his desktop, setting etc which i would prefer to avoid as would he.
can i reestablish the computer account trust via a simpler and less destructive procedure?
You can disjoin a PC from Domain and rejoin without loosing any User, Profile, ...
Did you try searching a newer Driver for the NIC? Login is allowed even though connection PC/AD is not fully working. NIC might get fully connected a few seconds after the User tries to login. A newer NIC Driver might help.
You can use Powershell command:
Test-ComputerSecureChannel -Repair
i know to recreate the trust the hard way but will recreate user and lose his desktop, setting etc which i would prefer to avoid as would he.A hard way? If you get the domain trust error, a solution is to disjoin the computer from the domain, then delete the computer account from Active Directory and join the computer back to the domain... Or you can use the command I provided. You don't lose any user settings or data. It has nothing to do with a user, it's computer<->domain trust issue.
Log on as local admin,
disconnect machine from domain
re add to domain,
Like Hello There says, it shouldn't affect the users domain profile, it will still be there after the re add.
ASKER
Interesting. I assume you replace test with something local?
ASKER
I did the local admin procedure on another of the exact same error earlier and it reset the user profile and I had to recreate plus lost all local passwords
join it to a 'workgroup' to get out of the domain
ASKER
That’s what I meant by the hard way. It recreated the computer trust but was a major headache
ASKER
Did the workgroup join as part of the reset. Then rejoined. That’s the session that while fixed trust, lost profile.
Interesting. I assume you replace test with something local?If this is a response to me, the answer is no. You use the command as it is.
If you lost the profile, something had to be really wrong. I use the procedure I described and I've never lost anything.
I'd say this was an exception and you shouldn't be worried to disjoin the computer from a domain next time.
This is NOT hard way !
I did it many time in my life. If for some reason trust between computer and domain controller failed only one way to repair it is to remove computer from domain then re-join again.
There is no consequences this action.
Only one think you must know is local user password and local user must be a member of local Administrators group
I did it many time in my life. If for some reason trust between computer and domain controller failed only one way to repair it is to remove computer from domain then re-join again.
There is no consequences this action.
Only one think you must know is local user password and local user must be a member of local Administrators group
ASKER
To Hello there,
ref
test-computersecurechannel - repair
im onsite and have run your powershell command (as administrator) and it returns 'FALSE'. with and without the '-repair' I had as associate recreate the computer trust issue on a test server/lan and tested this command and it returned true without the -repair. with the -repair it returned the original computer trust denied error.
thoughts?
Thx
ref
test-computersecurechannel
im onsite and have run your powershell command (as administrator) and it returns 'FALSE'. with and without the '-repair' I had as associate recreate the computer trust issue on a test server/lan and tested this command and it returned true without the -repair. with the -repair it returned the original computer trust denied error.
thoughts?
Thx
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.