Link to home
Create AccountLog in
Avatar of Dave Ellis
Dave EllisFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Trust relationship between a Win10 client and a Windows Server

I recently had a problem with a Windows Server 2016 Standard Edition. The motherboard and memory modules were replaced and I had to restore from an image backup from two months earlier.

On bringing up the restored system then the trust relationship between the clients and the server was broken. I followed the normal process of switching the clients to a Workgroup and then re-joining the domain.

Was the trust relationship broken because of restoring an old backup or the replacement of the motherboard ?

Could someone explain how the trust relationship works please ?
Avatar of Paul MacDonald
Paul MacDonald
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
It's the restoring from backup that caused the trust relationship to break. This is due to the machine changing its AD machine password. The machinepasswordage registry setting (or local security policy setting) will tell you how often that password is being changed.
Basically, your computers each have what's called a "secure channel password" that refreshed every X (set by sys admins - default is 30, I think, but some set it longer) number of days with the server. It's a background thing that it does to maintain that trust. Since you did the system restore from two months prior, you put that password out of sync and had to rejoin the computers. It's a deeply imbedded security thing.
I was typing that as the other two replied...didn't mean to echo.
Avatar of Dave Ellis


Thank you for the three experts who responded.

This weekend was the planned date for a secondary domain controller to be installed on the site - but the failure of the PDC happened two days earlier.....

Thanks again.