Trust relationship between a Win10 client and a Windows Server
I recently had a problem with a Windows Server 2016 Standard Edition. The motherboard and memory modules were replaced and I had to restore from an image backup from two months earlier.
On bringing up the restored system, the trust relationship between the clients and the server was broken. I followed the normal process of switching the clients to a Workgroup and then re-joining the domain.
Was the trust relationship broken because of restoring an old backup or the replacement of the motherboard?
Could someone explain how the trust relationship works, please?
It's the restoring from backup that caused the trust relationship to break. This is due to the machine changing its AD machine password. The machinepasswordage registry setting (or local security policy setting) will tell you how often that password is being changed.
William Fulks
Basically, your computers each have what's called a "secure channel password" that is refreshed every X (set by sys admins - default is 30, I think, but some set it longer) number of days with the server. It's a background thing that it does to maintain that trust. Since you did the system restore from two months prior, you put that password out of sync and had to rejoin the computers. It's a deeply embedded security thing.
William Fulks
I was typing that as the other two replied...didn't mean to echo.
This weekend was the planned date for a secondary domain controller to be installed on the site - but the failure of the PDC happened two days earlier.....
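
A client-side check for the situation discussed in this thread, added here as an example and not part of any poster's reply: it reads the Netlogon machine-password settings (`MaximumPasswordAge`, `DisablePasswordChange`), compares a backup's age against the rotation interval, then tests the secure channel and repairs it in place. It assumes Windows PowerShell 5.1 run elevated on a domain-joined client; the function names and the sample backup date are hypothetical.

```powershell
# Added example, not from the thread. Run elevated on a domain-joined client.

function Get-MachinePasswordPolicy {
    # Netlogon settings that control machine account password rotation.
    # Fallbacks are the defaults Netlogon uses when a value is absent.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MaximumPasswordAgeDays = if ($null -ne $p.MaximumPasswordAge) { [int]$p.MaximumPasswordAge } else { 30 }
        DisablePasswordChange  = if ($null -ne $p.DisablePasswordChange) { [bool]$p.DisablePasswordChange } else { $false }
    }
}

function Test-BackupOlderThanRotation {
    # True when the backup predates at least one rotation interval, i.e. the
    # restored directory may hold a machine password the client has replaced.
    param(
        [Parameter(Mandatory)][datetime]$BackupTaken,
        [Parameter(Mandatory)][int]$MaxAgeDays
    )
    ((Get-Date) - $BackupTaken).TotalDays -gt $MaxAgeDays
}

$policy = Get-MachinePasswordPolicy
$policy | Format-List

# Constructed sample value: an image backup taken two months ago.
$backupTaken = (Get-Date).AddMonths(-2)
if (-not $policy.DisablePasswordChange -and
    (Test-BackupOlderThanRotation -BackupTaken $backupTaken -MaxAgeDays $policy.MaximumPasswordAgeDays)) {
    Write-Warning "Backup is older than the $($policy.MaximumPasswordAgeDays)-day rotation interval; expect secure channel failures after restore."
}

# Test-ComputerSecureChannel returns $true when the local machine password
# still matches the copy held by the domain.
if (Test-ComputerSecureChannel) {
    'Secure channel is healthy.'
} else {
    # Resets the machine account password in place. The credential must be a
    # domain account permitted to reset this computer object.
    $cred = Get-Credential -Message 'Domain account allowed to reset this computer account'
    if (Test-ComputerSecureChannel -Repair -Credential $cred) {
        'Secure channel repaired.'
    } else {
        Write-Error 'Repair failed; check DC reachability and the account permissions.'
    }
}
```

When the repair succeeds, the client keeps its domain membership and local profiles, so the Workgroup detour is only needed if the repair fails.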