+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 42 of 42
Windows 7 Thread, Trust relationship error on Windows 7 in Technical; Originally Posted by techie08 Touch wood we haven't had any of our PCs come up with problem for a week ...
  1. #31
    round2it's Avatar
    Join Date
    May 2009
    Location
    UK
    Posts
    1,084
    Thank Post
    255
    Thanked 161 Times in 116 Posts
    Rep Power
    41
    Quote Originally Posted by techie08 View Post
    Touch wood we haven't had any of our PCs come up with problem for a week or so now but the dual macs, we had 3 of today!
    i had one today on a dual boot imac
    removed from doman then added again fixed the issue

  2. #32
    FreeWill's Avatar
    Join Date
    Jan 2007
    Location
    North East
    Posts
    118
    Thank Post
    19
    Thanked 9 Times in 9 Posts
    Rep Power
    18
    A random few of our computers display this problem when Windows has failed to boot. 'Startup Repair' was run (by users - as they did this before the problem was reported) and we do not know what repair method they selected. It appears that something performed in Startup Repair caused the relationship to fail.

    This is only when it's not something obvious such as two computers with same name, account deleted, etc.

  3. #33

    Join Date
    May 2008
    Posts
    536
    Thank Post
    18
    Thanked 8 Times in 8 Posts
    Rep Power
    16
    4 PCs have gone this afternoon after about a week of it no happening!

  4. #34

    Join Date
    May 2008
    Posts
    536
    Thank Post
    18
    Thanked 8 Times in 8 Posts
    Rep Power
    16
    Another 3 today!! Its doing my head in now!

  5. #35

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    This is usually to do with the machine account change process, sometimes it seems to fail in the background leaving the machine account still in active directory but not able to logon with the domain trust error. The other thing that can cause this is machines with duplicate SPNs.

    To deal initially with the auto change on the machine account passwords (which fail to update to the server) you should be able to just disable the autochange:
    How to disable automatic machine account password changes
    1. Start Registry Editor. To do so, click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\Netlogon\Parameters
    3. In the right pane, click the DisablePasswordChange
      entry.
    4. On the Edit menu, click Modify.
    5. In the Value data box, type a value of 1, and then click OK.
    6. Quit Registry Editor.
    You can also reset the connection password using a netdom command but that does not always work:
    Netdom reset
    netdom reset /d:myDomain.contoso.com myWorkstation
    Not sure if it is run from the client or the DC as I tried it both ways each time

    I tended to unjoin/rejoin the workstations when they became a problem as I only had a couple pull this kind of stunt every 3-4 months.

    As to the SPNs this can easily happen if you accidentally name a workstation the same as another recently joined one (that has not reset the machine password yet. This can cause duplicate SPNs in AD which toasts the accounts in the short or long term.

    This person had some luck with finding and removing them using the setSPN.exe tool along with ADSI edit to give them the proper level of kill:
    The trust relationship between this workstation and the primary domain failed | Daily Tweak
    ONE SOLUTION: (Or at least what worked for us.) We had a workstation with the exact same error message. Rejoining the domain did not correct the issue. The only thing which worked was to use an entirely different computer name, which was not our preferred solution. After much searching (including finding this page) and gnashing of teeth I finally found the problem in our domain.
    There was a duplicate SPN (Service Principal Name) registered on another computer account. For some reason setspn -X was NOT finding the duplicate entries. Instead I ran setspn -Q */hostname* where hostname was name of the computer. (not the FQDN)
    This turned up another computer account with a duplicate SPN:
    C:\Users\tblackerby>setspn -Q */hostname1*
    Checking domain DC=mydomain,DC=edu
    CN=EDBB9F19DB3E435,OU=Other Computer Objects,DC=mydomain,DC=edu
    HOST/EDBB9F19DB3E435
    HOST/hostname1.mydomain.edu
    CN=hostname1,OU=Lab Workstations,OU=Workstations,DC=mydomain,DC=edu
    TERMSRV/hostname1.mydomain.edu
    RestrictedKrbHost/hostname1.mydomain.edu
    HOST/hostname1.mydomain.edu
    HOST/hostname1
    RestrictedKrbHost/hostname1
    TERMSRV/hostname1
    Existing SPN found!
    I used ADSIEdit to remove the SPN off of the conflicting account, waited for replication, and was finally able to login to hostname1 without the error!
    To verify I can recreate the problem by putting the duplicate SPN back on the other computer account, which immediately causes the error again.
    The linked thread also has lots of other possible solutions too.

  6. Thanks to SYNACK from:

    mopey85 (6th June 2012)

  7. #36
    TheLibrarian
    Guest
    It looks fairly definite for us now that the issue was the Realtek driver from ~2010 (supplied by Acer) and the driver that works (so far) is "Realtek 8168 Driver_Win7_7045_05202011" from the Realtek site Realtek.

  8. #37


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    7,057
    Thank Post
    232
    Thanked 923 Times in 792 Posts
    Rep Power
    308
    ive just had a look at types of pc that have done it to me and they all have realtek gb cards onboard

  9. Thanks to sted from:


  10. #38
    TheLibrarian
    Guest
    We've just lost 3 of the "working" Veritons.

  11. #39
    TheLibrarian
    Guest
    Very latest drivers make no difference.

    We're now looking at going back to XP on most of the PC's.

    @sister_annex; is now looking into possible time related issues; never been a problem with XP but it could be that 7 is much less tolerant.

  12. #40
    sister_annex's Avatar
    Join Date
    Jan 2009
    Location
    Wolverhampton
    Posts
    616
    Thank Post
    103
    Thanked 144 Times in 125 Posts
    Rep Power
    52
    Time issues are apparent - the w32time service should try and sync with a local DC (if the DC is advertising as a time source)

    A DC will not advertise as a time source if it is not syncing with the PDC correctly (or if the PDC is not working correctly)
    Last edited by sister_annex; 22nd September 2011 at 01:24 PM. Reason: spelling....

  13. #41

    Join Date
    May 2008
    Posts
    536
    Thank Post
    18
    Thanked 8 Times in 8 Posts
    Rep Power
    16
    We made a change to the station GPO to disable the computer changing its password every 30 days. So far we haven't had one go down since i last posted.

    I Hope i haven't spoke too soon!

  14. Thanks to techie08 from:

    spik376 (30th September 2011)

  15. #42
    sister_annex's Avatar
    Join Date
    Jan 2009
    Location
    Wolverhampton
    Posts
    616
    Thank Post
    103
    Thanked 144 Times in 125 Posts
    Rep Power
    52
    I think @TheLibrarian has done something similar here



SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Event Error 1054 on Windows Server 2003 (64 bit)
    By Gibbo in forum Windows Server 2000/2003
    Replies: 6
    Last Post: 12th December 2008, 11:29 AM
  2. Windows setup error on login
    By sparkeh in forum Windows
    Replies: 2
    Last Post: 10th November 2008, 01:42 PM
  3. Replies: 7
    Last Post: 24th May 2006, 03:16 PM
  4. DNS error on a mult-user desktop
    By pmassingham in forum Windows
    Replies: 5
    Last Post: 12th April 2006, 06:04 PM
  5. Network driver error on RIS install.
    By Kyle in forum Windows
    Replies: 1
    Last Post: 6th February 2006, 12:31 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •