+ Post New Thread
Results 1 to 9 of 9
Windows 7 Thread, Randomly losing trust relationship in Technical; Hi, This is a strange one, hoping someone here could point me in the right direction. We run a vanilla ...
  1. #1

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,243
    Thank Post
    772
    Thanked 804 Times in 670 Posts
    Blog Entries
    9
    Rep Power
    299

    Randomly losing trust relationship

    Hi,

    This is a strange one, hoping someone here could point me in the right direction. We run a vanilla Win08r2/Win7 network, all machines hardwired (very little wireless). We are getting random machines, every now and then, loosing their trust relationship with AD.

    Now I know this usually happens when AD resets the computer account password but the new password isn't updated on the actual machine. And I know this happens with some laptops that are taken away from the network for extended periods of time (read weeks), so the two passwords are out of sync.

    But this is happening to classroom desktops that never leave the school? Laptops taken away overnight and plugged back in the next morning? These machines should never lose their trust relationship with AD...

    Any help or advice would be much appreciated.

    Thank you.

  2. #2

    Join Date
    Mar 2012
    Location
    East Riding of Yorkshire
    Posts
    143
    Thank Post
    33
    Thanked 7 Times in 7 Posts
    Rep Power
    6
    This is happening with us here. Hope you can get an answer to this too :/

  3. #3
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    2,772
    Thank Post
    251
    Thanked 220 Times in 168 Posts
    Rep Power
    87
    Have a look and check your DNS settings, this happened with us a few years ago with XP and 2003. After changing my dns settings everything seems to be ok.

  4. #4
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,723
    Thank Post
    206
    Thanked 254 Times in 206 Posts
    Rep Power
    65
    Are the PCs old or new? I'm wondering if they loose time. Also are you getting any kerberos errors in their event logs?

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,392
    Thank Post
    797
    Thanked 1,588 Times in 1,391 Posts
    Blog Entries
    10
    Rep Power
    427
    Disable startup repair. Fixed it for us.

    The machines where not shut down properly (kids hitting reset), doing a system restore automatically to an earlier time and then the trust was renewed.

  6. Thanks to FN-GM from:

    tmcd35 (4th October 2012)

  7. #6

    Join Date
    Oct 2007
    Location
    Northamptonshire
    Posts
    307
    Thank Post
    20
    Thanked 79 Times in 67 Posts
    Rep Power
    43
    Have a look at this thread. We found that it was caused by machines going into startup repair (if they hadn't been shut down properly). After running the bcdedit commands on all our computers the issue doesn't seem to have re-occurred.

  8. Thanks to Ashm from:

    tmcd35 (4th October 2012)

  9. #7

    Join Date
    Jan 2008
    Location
    Essex / Suffolk border
    Posts
    187
    Thank Post
    35
    Thanked 23 Times in 14 Posts
    Rep Power
    16
    Ditto FN-GM
    We disabled startup repair and the problem went away. Down to machines being switch off whilst running rather than being shutdown properly.

    Theres a thread already on edugeek about it Windows 7 Trust relationship
    Trust relationship error on Windows 7

  10. Thanks to bertster from:

    tmcd35 (4th October 2012)

  11. #8
    TheLibrarian
    Guest
    We have had this issue, the PC's were losing trust after (almost to the hour) 7 days.
    The PC's were definitely not repairing themselves, during testing they would lose trust after a reboot (repeated reboots scripted with the Windows shutdown command).
    The issue was time / date related, though where the PC's were getting their time from we didn't manage to track - it appeared that it was from each other but we didn't get chance to gather enough evidence of this unfortunately.

    We force the DC's to allow a significant time drift - 3 hours I believe, not the best of security measures but it seems to have worked.

    To ensure the PC's were taking their time from the DC's @sister_annex made sure the domain had a T1 time source (IIRC the DC's were quite demanding as far as the tier of the time source was concerned) and the Windows 7 clients have the following script run once on them.

    @ECHO OFF
    cls


    echo, Unresgistering Time Service
    net stop w32time
    w32tm /unregister
    echo,


    echo, Registering Time Service
    w32tm /register
    net start w32time
    echo,


    echo, Setting time service for domain time
    w32tm /config /syncfromflags:domhier /update
    echo,


    echo, Stopping Time Service
    net stop w32time
    echo,


    echo, Starting Time Service
    net start w32time
    echo,


    echo, PLEASE CHECK THE FOLLOWING IS CORRECT
    w32tm /resync /rediscover
    w32tm /query /status
    echo,


    Pause

  12. #9

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,243
    Thank Post
    772
    Thanked 804 Times in 670 Posts
    Blog Entries
    9
    Rep Power
    299
    Thanks guys, I think you may have something with the "going in to repair after not shutting down properly". I'll check out disabling repair.

SHARE:
+ Post New Thread

Similar Threads

  1. Rebuilt server - now lacking trust relationships!!!
    By InspireICT in forum Wireless Networks
    Replies: 13
    Last Post: 3rd May 2011, 01:41 PM
  2. Replies: 9
    Last Post: 12th July 2010, 12:43 PM
  3. Randomly "losing" printers
    By leco in forum Wireless Networks
    Replies: 5
    Last Post: 21st January 2010, 04:05 PM
  4. Trust Relationship for web traffic
    By ahunter in forum Wireless Networks
    Replies: 4
    Last Post: 11th November 2008, 05:34 PM
  5. Trust Relationships and DeepFreeze
    By AdamWilden in forum How do you do....it?
    Replies: 6
    Last Post: 4th February 2008, 11:16 AM

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •