+ Post New Thread
Results 1 to 10 of 10
Windows Server 2008 R2 Thread, "The trust relationship between this workstation and the primary domain failed." in Technical; I have VMWare ESXi 3.5 and 5.0 vSpheres. When I deploy a template or clone a VM running Windows I ...
  1. #1
    ronanian's Avatar
    Join Date
    Dec 2007
    Location
    Massachusetts, USA
    Posts
    88
    Thank Post
    18
    Thanked 2 Times in 2 Posts
    Rep Power
    14

    Unhappy "The trust relationship between this workstation and the primary domain failed."

    I have VMWare ESXi 3.5 and 5.0 vSpheres. When I deploy a template or clone a VM running Windows I expect to see "The trust relationship between this workstation and the primary domain failed." unless I sysprep (and sometimes even then). The cure is to remove from the domain and re-join. Ok, no problem, I do that on the newly deployed VM.

    I have one Windows Server 2008R2 terminal server template that does something worse. When I deploy it, all existing live VMs based on that template get "The trust relationship between this workstation and the primary domain failed." What am I doing wrong?

    I have to deploy it again and I'm not looking forward to re-joining all of its siblings again.

  2. #2
    ronanian's Avatar
    Join Date
    Dec 2007
    Location
    Massachusetts, USA
    Posts
    88
    Thank Post
    18
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Bump. Probably nobody knows exactly, but any unsure guesses at least?

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,619
    Thank Post
    229
    Thanked 860 Times in 738 Posts
    Rep Power
    297
    i assume the clones are already domained but pc passwords reset over time so if you apply changes in bulk to vms theres a fair chance the pcs password will get reset. it is possible via group policy to stop computer account passwords changing but its contra indicated and only works going forwards (so next time you bulk apply updates it would roll back to a previous password anyway.

    try running the following in powershell

    Test-ComputerSecureChannel -repair shouldnt even require a reboot

  4. Thanks to sted from:

    ronanian (14th August 2013)

  5. #4
    Netman's Avatar
    Join Date
    Jul 2005
    Location
    56.343515, -2.804118
    Posts
    911
    Thank Post
    367
    Thanked 190 Times in 143 Posts
    Rep Power
    54
    I'd say it's probably best practice to remove them from the domain and sysprep before creating the template - then join the domain as you create the new VM's? You're always gonna get security issues with duplicate SIDs and names on Windows domains...

  6. Thanks to Netman from:

    ronanian (14th August 2013)

  7. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,571 Times in 1,251 Posts
    Rep Power
    340

    Thumbs up

    I'm not sure why you're getting this problem, but it does happen often with wireless clients. Here's a fix which works 100% to stop trust type errors -

    Code:
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    
    Value Name: DisablePasswordChange
    
    Value type: REG_DWORD
    Value data: 00000001
    See pic for example:

    TrustFix.png

  8. Thanks to Michael from:

    ronanian (14th August 2013)

  9. #6
    FishCustard's Avatar
    Join Date
    Feb 2013
    Location
    Croydon
    Posts
    425
    Thank Post
    74
    Thanked 42 Times in 38 Posts
    Rep Power
    19
    What does the above fix do, prevent people from changing their passwords on those particular machines? (which would be no big deal in order to prevent issues!).

  10. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,657
    Thank Post
    656
    Thanked 1,624 Times in 1,453 Posts
    Rep Power
    422
    No it prevents the machines themselves changing their computer account password.

    Ben

  11. #8
    FishCustard's Avatar
    Join Date
    Feb 2013
    Location
    Croydon
    Posts
    425
    Thank Post
    74
    Thanked 42 Times in 38 Posts
    Rep Power
    19
    Ahhh, yeah, that makes sense.

  12. #9
    ronanian's Avatar
    Join Date
    Dec 2007
    Location
    Massachusetts, USA
    Posts
    88
    Thank Post
    18
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Success! I figured out how to avoid the problem. All I have to do is NOT be an impatient jerk.

    Normally when Windows says I need to restart I say "You're not the boss of me, I'm in charge! ".

    This time I disconnected the (virtual) network cables, started Windows on the newly deployed VM, removed it from the domain, and when it asked to restart I actually allowed it to...then once it was restarted I assigned an IP, reconnected the (virtual) network cables, joined it to the domain, and when it asked to restart once again I immediately allowed it to do so.

  13. #10

    Join Date
    Oct 2012
    Location
    Romania
    Posts
    21
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    4
    I will be better to just create the VM template in a workgroup environment and syspreped. That way when you deploy a VM from that template you only have to add the VM to the domain and you're done. No more disconnected adapters and remove server from the domain.

SHARE:
+ Post New Thread

Similar Threads

  1. [MS Office - 2013] What's the relationship between Office 2013 and Office 365?
    By Sam_Brown in forum Office Software
    Replies: 0
    Last Post: 6th May 2013, 10:42 AM
  2. Replies: 11
    Last Post: 16th September 2010, 11:54 AM
  3. Riddle me this One For The Parents and Parents To-Be
    By russdev in forum General Chat
    Replies: 1
    Last Post: 17th May 2009, 09:13 PM
  4. Trust Relationships and DeepFreeze
    By AdamWilden in forum How do you do....it?
    Replies: 6
    Last Post: 4th February 2008, 11:16 AM
  5. Yellis and the Fischer Family Trust
    By mark in forum How do you do....it?
    Replies: 4
    Last Post: 13th June 2006, 08:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •