Avatar of Dave Ellis
Dave Ellis
Flag for United Kingdom of Great Britain and Northern Ireland asked on

Trust relationship between a Win10 client and a Windows Server

I recently had a problem with a Windows Server 2016 Standard Edition. The motherboard and memory modules were replaced and I had to restore from an image backup from two months earlier.

On bringing up the restored system then the trust relationship between the clients and the server was broken. I followed the normal process of switching the clients to a Workgroup and then re-joining the domain.

Was the trust relationship broken because of restoring an old backup or the replacement of the motherboard ?

Could someone explain how the trust relationship works please ?
Windows 10Windows Server 2016Windows OS

Avatar of undefined
Last Comment
Dave Ellis

8/22/2022 - Mon
Paul MacDonald

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Andrew Porter

It's the restoring from backup that caused the trust relationship to break. This is due to the machine changing its AD machine password. The machinepasswordage registry setting (or local security policy setting) will tell you how often that password is being changed.
William Fulks

Basically, your computers each have what's called a "secure channel password" that refreshed every X (set by sys admins - default is 30, I think, but some set it longer) number of days with the server. It's a background thing that it does to maintain that trust. Since you did the system restore from two months prior, you put that password out of sync and had to rejoin the computers. It's a deeply imbedded security thing.
William Fulks

I was typing that as the other two replied...didn't mean to echo.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
Dave Ellis

Thank you for the three experts who responded.

This weekend was the planned date for a secondary domain controller to be installed on the site - but the failure of the PDC happened two days earlier.....

Thanks again.