+ Post New Thread
Results 1 to 9 of 9
Windows 7 Thread, Randomly losing trust relationship in Technical; Hi, This is a strange one, hoping someone here could point me in the right direction. We run a vanilla ...
  1. #1

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    6,069
    Thank Post
    901
    Thanked 1,013 Times in 825 Posts
    Blog Entries
    9
    Rep Power
    350

    Randomly losing trust relationship

    Hi,

    This is a strange one, hoping someone here could point me in the right direction. We run a vanilla Win08r2/Win7 network, all machines hardwired (very little wireless). We are getting random machines, every now and then, loosing their trust relationship with AD.

    Now I know this usually happens when AD resets the computer account password but the new password isn't updated on the actual machine. And I know this happens with some laptops that are taken away from the network for extended periods of time (read weeks), so the two passwords are out of sync.

    But this is happening to classroom desktops that never leave the school? Laptops taken away overnight and plugged back in the next morning? These machines should never lose their trust relationship with AD...

    Any help or advice would be much appreciated.

    Thank you.

  2. #2

    Join Date
    Mar 2012
    Location
    East Riding of Yorkshire
    Posts
    158
    Thank Post
    35
    Thanked 7 Times in 7 Posts
    Rep Power
    7
    This is happening with us here. Hope you can get an answer to this too :/

  3. #3

    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,198
    Thank Post
    321
    Thanked 314 Times in 219 Posts
    Rep Power
    125
    Have a look and check your DNS settings, this happened with us a few years ago with XP and 2003. After changing my dns settings everything seems to be ok.

  4. #4

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,842
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    69
    Are the PCs old or new? I'm wondering if they loose time. Also are you getting any kerberos errors in their event logs?

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,373
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Disable startup repair. Fixed it for us.

    The machines where not shut down properly (kids hitting reset), doing a system restore automatically to an earlier time and then the trust was renewed.

  6. Thanks to FN-GM from:

    tmcd35 (4th October 2012)

  7. #6

    Join Date
    Oct 2007
    Location
    Northamptonshire
    Posts
    315
    Thank Post
    22
    Thanked 83 Times in 70 Posts
    Rep Power
    45
    Have a look at this thread. We found that it was caused by machines going into startup repair (if they hadn't been shut down properly). After running the bcdedit commands on all our computers the issue doesn't seem to have re-occurred.

  8. Thanks to Ashm from:

    tmcd35 (4th October 2012)

  9. #7

    Join Date
    Jan 2008
    Location
    Essex / Suffolk border
    Posts
    209
    Thank Post
    38
    Thanked 28 Times in 18 Posts
    Rep Power
    19
    Ditto FN-GM
    We disabled startup repair and the problem went away. Down to machines being switch off whilst running rather than being shutdown properly.

    Theres a thread already on edugeek about it Windows 7 Trust relationship
    Trust relationship error on Windows 7

  10. Thanks to bertster from:

    tmcd35 (4th October 2012)

  11. #8
    TheLibrarian
    Guest
    We have had this issue, the PC's were losing trust after (almost to the hour) 7 days.
    The PC's were definitely not repairing themselves, during testing they would lose trust after a reboot (repeated reboots scripted with the Windows shutdown command).
    The issue was time / date related, though where the PC's were getting their time from we didn't manage to track - it appeared that it was from each other but we didn't get chance to gather enough evidence of this unfortunately.

    We force the DC's to allow a significant time drift - 3 hours I believe, not the best of security measures but it seems to have worked.

    To ensure the PC's were taking their time from the DC's @sister_annex made sure the domain had a T1 time source (IIRC the DC's were quite demanding as far as the tier of the time source was concerned) and the Windows 7 clients have the following script run once on them.

    @ECHO OFF
    cls


    echo, Unresgistering Time Service
    net stop w32time
    w32tm /unregister
    echo,


    echo, Registering Time Service
    w32tm /register
    net start w32time
    echo,


    echo, Setting time service for domain time
    w32tm /config /syncfromflags:domhier /update
    echo,


    echo, Stopping Time Service
    net stop w32time
    echo,


    echo, Starting Time Service
    net start w32time
    echo,


    echo, PLEASE CHECK THE FOLLOWING IS CORRECT
    w32tm /resync /rediscover
    w32tm /query /status
    echo,


    Pause

  12. #9

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    6,069
    Thank Post
    901
    Thanked 1,013 Times in 825 Posts
    Blog Entries
    9
    Rep Power
    350
    Thanks guys, I think you may have something with the "going in to repair after not shutting down properly". I'll check out disabling repair.



SHARE:
+ Post New Thread

Similar Threads

  1. Rebuilt server - now lacking trust relationships!!!
    By InspireICT in forum Wireless Networks
    Replies: 13
    Last Post: 3rd May 2011, 02:41 PM
  2. Replies: 9
    Last Post: 12th July 2010, 01:43 PM
  3. Randomly "losing" printers
    By leco in forum Wireless Networks
    Replies: 5
    Last Post: 21st January 2010, 05:05 PM
  4. Trust Relationship for web traffic
    By ahunter in forum Wireless Networks
    Replies: 4
    Last Post: 11th November 2008, 06:34 PM
  5. Trust Relationships and DeepFreeze
    By AdamWilden in forum How do you do....it?
    Replies: 6
    Last Post: 4th February 2008, 12:16 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •