There might be multiple possibilities: 1) duplicate host names, 2) network connection broken between client and server. Computers have passwords in AD, just like users. A workstation will lose trust with the domain controller if its account has been overwritten.
A laptop has lost its trust relationship with the domain. There is no local account set up to log in with to reestablish the connection.
There might be multiple possibilities.
1) Duplicate hostnames
2) Network connection broken between client and server
There might be multiple possible reasons. Below are listed a few of them:
Single SID has been assigned to multiple computers.
If the Secure Channel is Broken between Domain controller and workstations
If there are no SPN or DNSHost Name mentioned in the computer account attributes
The trust relationship fails only if the system does not have the domain DNS IP.
The normal cause of this (in my experience) is a DNS/DHCP issue.
1) Imaging or joining a machine to the domain with the same name as the affected computer while the affected computer is offline
2) AD policy that would disable a computer after x number of days of not authenticating.
3) Computer object in AD is deleted.
The solution, however, is quick: remove from the domain and rejoin.
It happens for different reasons; these are 2 of them that I recall:
1- If the machine is shut down for a long period of time, the machine password set by Active Directory may expire.
2- If the client account has been disabled by the administrator.
Because of a "password mismatch." Passwords are typically thought of as something that is assigned to a user account. However, in Active Directory environments each computer account also has an internal password. If the copy of the computer account password that is stored within the member server gets out of sync with the password copy that is stored on the domain controller then the trust relationship will be broken as a result.
So how can you fix this error?
So the easy fix is to blow away the computer account within the Active Directory Users and Computers console and then rejoin the computer to the domain. Doing so reestablishes the broken-trust relationship. This approach works really well for workstations, but it can do more harm than good if you try it on a member server.
"The trust relationship between this workstation and the primary domain failed." The workaround has been to dejoin and rejoin the domain, but it keeps happening and we need a permanent fix.
A workstation will lose trust with the domain controller if its account has been overwritten. It is entirely possible (with the right permissions) to add a computer with a name that already exists in the domain, but this will cause the computer that was previously known as that name to lose trust with the Domain Controller.
If the workstation or server account is deleted in Active Directory.
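The causes listed in the answers above (deleted or disabled computer account, duplicate name, missing SPN or DNS host name, out-of-sync machine password) can be checked before rejoining. The following is an added example, not part of any answer in this thread; the function names and the computer name `LAPTOP-EXAMPLE` are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example. The AD checks are read-only; run them from an admin workstation.
Import-Module ActiveDirectory

function Get-ComputerTrustFinding {
    param([Parameter(Mandatory)][string]$Name)

    $props = 'Enabled', 'PasswordLastSet', 'DNSHostName', 'servicePrincipalName', 'whenChanged'
    $found = @(Get-ADComputer -Filter "Name -eq '$Name'" -Properties $props)

    if ($found.Count -eq 0) {
        return "No computer object named '$Name': the account was deleted or never created."
    }
    if ($found.Count -gt 1) {
        "More than one object named '$Name': " + ($found.DistinguishedName -join '; ')
    }
    foreach ($c in $found) {
        $dn = $c.DistinguishedName
        if (-not $c.Enabled)              { "${dn}: account is disabled." }
        if (-not $c.DNSHostName)          { "${dn}: dNSHostName is empty." }
        if (-not $c.servicePrincipalName) { "${dn}: no servicePrincipalName values." }
        # A password set while the machine was powered off or off the network points to
        # another machine having been joined under the same name (account overwritten).
        "${dn}: password last set $($c.PasswordLastSet), object changed $($c.whenChanged)."
    }
}

# Run on the affected machine in an elevated session: test the secure channel and,
# if it is broken, repair it in place instead of removing and rejoining the domain.
function Repair-MachineTrust {
    param([Parameter(Mandatory)][pscredential]$Credential)

    if (Test-ComputerSecureChannel) {
        return 'Secure channel is healthy.'
    }
    if (Test-ComputerSecureChannel -Repair -Credential $Credential) {
        return 'Secure channel repaired; the machine password is back in sync.'
    }
    'Repair failed: check DNS settings and the AD-side findings, then rejoin as a last resort.'
}

Get-ComputerTrustFinding -Name 'LAPTOP-EXAMPLE'   # constructed sample name
```

If the findings show the password was reset while the machine was offline, look for a second machine imaged or joined under the same name before repairing, otherwise the failure will recur.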