Trust Relationship Issues - causes?



#1 Socky


Posted 16 November 2014 - 11:35 PM

We have a constantly recurring issue in our environment which is causing a massive headache for the field team and wasting the field team's time going around fixing it - workstations are falling off the domain, giving the error "trust relationship has failed..."

 

I know the fix for this is to log on locally, take it off the domain, reboot and then rejoin, but we have about 5k users and we're seeing 2 or 3 of these a week, sometimes more, and frankly it's becoming a pain in the ring to deal with them, esp. when the workstations are off site (working in Perth, covering WA).

 

What causes the DC to drop the workstation, and is there any way of resolving it without having to go to the machine and rejoin it? What would happen if I delete it in AD?




#2 x64


Posted 17 November 2014 - 07:49 AM

Some things to think about...

 

Do you have robust time sync out to where the client PCs are?

What is between the client PC and the domain controllers that they are likely to contact?

Is the replication between the various DCs in your organisation robust? Is time synced robustly between them?

 

In theory, you can remotely reset a PC's secure channel by running

netdom reset WorkstationName /domain:DomainName /usero:WsLocalAdminName /passwordo:WsLocalAdminPassword

from a command prompt on a DC, running in the context of a domain admin (although I've had little success actually getting that to work in the past due to firewalls, timesync etc... You seem to need to line up a lot more ducks in a row than MS's training lets on to).

 

x64
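
The two checks raised in the reply above (clock sync against the DC, then the state of the secure channel), as an added Windows PowerShell example that is not part of the thread. It uses the built-in Test-ComputerSecureChannel cmdlet instead of netdom and runs on the affected workstation; the DC name is a placeholder, and the 300-second threshold assumes the default Kerberos clock-skew tolerance of 5 minutes.

```powershell
# Added example: triage a workstation that reports a broken domain trust.
# Run in an elevated Windows PowerShell session on the workstation (locally or via remoting).
param(
    [string]$DomainController = 'dc01.example.local',  # placeholder DC name (assumption)
    [int]$MaxSkewSeconds = 300                         # assumes default Kerberos tolerance (5 min)
)

function Get-ClockOffsetSeconds {
    param([string]$Server)
    # With /dataonly, w32tm prints sample lines such as "20:56:01, +00.0123456s"
    $out = & w32tm /stripchart /computer:$Server /samples:1 /dataonly 2>&1
    foreach ($line in $out) {
        if ($line -match ',\s*([+-]\d+\.\d+)s') { return [double]$Matches[1] }
    }
    return $null   # no sample: DC unreachable or time service not answering
}

# Step 1: rule out clock skew before touching the machine account.
$offset = Get-ClockOffsetSeconds -Server $DomainController
if ($null -eq $offset) {
    Write-Warning "No time sample from $DomainController; check firewall and routing first."
} elseif ([math]::Abs($offset) -gt $MaxSkewSeconds) {
    Write-Warning ("Clock is off by {0:N1}s; resyncing before testing the secure channel." -f $offset)
    & w32tm /resync /rediscover | Out-Null
} else {
    Write-Output ("Clock offset {0:N3}s is within tolerance." -f $offset)
}

# Step 2: test the secure channel and repair it only if it is actually broken.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Output 'Secure channel is healthy.'
} else {
    # -Repair resets the machine account password against the DC,
    # so it needs a domain account permitted to reset this computer object.
    $cred = Get-Credential -Message 'Domain account allowed to reset this computer account'
    $ok = Test-ComputerSecureChannel -Repair -Server $DomainController -Credential $cred
    Write-Output ("Repair attempted, secure channel OK: {0}" -f $ok)
}
```

Because the workstation can no longer authenticate domain accounts when the trust is broken, the session itself has to be opened with a local administrator account.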



#3 JohnnyJammer


Posted 17 November 2014 - 07:37 PM

From memory, tombstone periods only affect servers and not the workstations (typically 90 days). Other things to try, on top of what x64 has already said, could be checking the certificate authority server to make sure the certs are up to scratch.

I wouldn't have thought that an old certificate would cause that issue, because the group policy dictating where to find the CA would be applied when they connected back to the corporate network.

 

It does sound like a time issue, and BIOS batteries might affect the machine when it first starts by not having the correct time. Not to mention WA is a pretty big part of Oz as well mate, so it ain't like a small drive around the block.

 

What sort of field machines are you running, Panasonic tablets or?





