How does the trust relationship fail between Active Directory Server & Client?

Question added by Md. Shakhawat Hossain , System Engineer , Social Islami Bank Limited
Date Posted: 2017/06/21
abdul aleem
by abdul aleem , IT Support Supervisor , Specialized Automotive Co

There might be multiple possibilities: 1) duplicate host names; 2) network connection broken between client and server. Computers have passwords in AD, just like users. A workstation will lose trust with the domain controller if its account has been overwritten.

Najith Mohammed
by Najith Mohammed , IT Officer , LUTFI Group of Companies

A laptop that has lost the trust relationship with the domain. There is not a local account set up to log into to reestablish the connection.

Zuberuddin Sayyed
by Zuberuddin Sayyed , Sr.Officer , Endurance Technologies ltd

There might be multiple possibilities.

1) Duplicate hostnames

2) Network connection broken between client and server

Shujauddin Mohammed
by Shujauddin Mohammed , IT Network and System Admin , Saudi Tadawi Health Care Co.

There might be multiple possible reasons; a few of them are listed below:

A single SID has been assigned to multiple computers.

If the secure channel is broken between the domain controller and workstations.

If there is no SPN or DNSHostName mentioned in the computer account attributes.

shiyas shiyas s
by shiyas shiyas s , IT Infrastructure Engineer , System House Factory For Electric Panels

The trust relationship fails only if the system does not have the domain DNS IP.

The normal cause of this (in my experience) is a DNS/DHCP issue.

Amit Mehta
by Amit Mehta , IT Administrator , Time Inc

1) Imaging or joining a machine to the domain with the same name as the affected computer while the affected computer is offline

2) AD policy that would disable a computer after x number of days of not authenticating.

3) Computer object in AD is deleted.

The solution, however, is quick: remove the machine from the domain and rejoin.

Ahmed ElAraby
by Ahmed ElAraby , System & Network Administrator , Gazzaz

It happens for different reasons; these are 2 of them that I recall:

1- If the machine is shut down for a long period of time, the machine password set by Active Directory may expire.

2- If the client account has been disabled by the administrator.

Saeed Anwar
by Saeed Anwar , Full Stack Web Developer / Web Master , Smart Sol Techno Ltd

Because of a "password mismatch." Passwords are typically thought of as something that is assigned to a user account. However, in Active Directory environments each computer account also has an internal password. If the copy of the computer account password that is stored within the member server gets out of sync with the password copy that is stored on the domain controller then the trust relationship will be broken as a result.

So how can you fix this error?

So the easy fix is to blow away the computer account within the Active Directory Users and Computers console and then rejoin the computer to the domain. Doing so reestablishes the broken-trust relationship. This approach works really well for workstations, but it can do more harm than good if you try it on a member server.

Deleted user
by Deleted user

The trust relationship between this workstation and the primary domain failed. The workaround has been to dejoin and rejoin the domain, but it keeps happening and we need a permanent fix.

Jeeshan Ali
by Jeeshan Ali , Senior IT Engineer , Pacific Infotech UK LTD

A workstation will lose trust with the domain controller if its account has been overwritten. It is entirely possible (with the right permissions) to add a computer with a name that already exists in the domain, but this will cause the computer that was previously known as that name to lose trust with the Domain Controller.

Shabir Kashif
by Shabir Kashif , Senior Executive Network & Communication , Coca-Cola Beverages Pakistan Limited

If the workstation or server account is deleted in Active Directory.
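A diagnostic sketch for the causes listed in the answers above (deleted or disabled account, missing SPN/DNSHostName, machine password out of sync), added here as an example and not posted by any participant in the thread. It assumes Windows PowerShell 5.1 and, for the live lookup, the RSAT ActiveDirectory module; the function name `Get-TrustFailureHint`, the sample host `pc01.corp.example` and the password-age heuristic are assumptions made for illustration.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1; the live lookup
# also needs the RSAT ActiveDirectory module. Get-TrustFailureHint is a hypothetical name.
function Get-TrustFailureHint {
    param(
        [bool]$SecureChannelOk,      # result of Test-ComputerSecureChannel on the client
        $Account,                    # Get-ADComputer result, or $null when no object exists
        [int]$RotationDays = 30      # default interval at which a member rotates its password
    )
    if ($SecureChannelOk)   { return 'Secure channel verifies: trust is intact' }
    if ($null -eq $Account) { return 'No computer object in AD: account was deleted' }
    if (-not $Account.Enabled)     { 'Computer account is disabled' }
    if (-not $Account.DNSHostName) { 'dNSHostName attribute is empty' }
    if (@($Account.ServicePrincipalName).Count -eq 0) { 'No servicePrincipalName values' }
    if ($Account.PasswordLastSet) {
        $age = ((Get-Date) - $Account.PasswordLastSet).Days
        if ($age -lt $RotationDays) {
            # Heuristic: AD holds a fresh password that this client does not know.
            "AD password set $age day(s) ago: account reset or overwritten by a same-named join"
        } else {
            "AD password is $age day(s) old: client has not rotated it (long offline?)"
        }
    }
}

# Constructed sample records (no domain needed) for two causes named in the answers.
$disabled = [pscustomobject]@{
    Enabled = $false; DNSHostName = 'pc01.corp.example'
    ServicePrincipalName = @('HOST/pc01.corp.example')
    PasswordLastSet = (Get-Date).AddDays(-90)
}
Get-TrustFailureHint -SecureChannelOk $false -Account $disabled
Get-TrustFailureHint -SecureChannelOk $false -Account $null

# Live check, run as local administrator on the affected domain member.
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    $ok = Test-ComputerSecureChannel
    if (-not $ok) {
        $cred = Get-Credential   # domain account allowed to read and reset the computer object
        $acct = Get-ADComputer -Filter "Name -eq '$env:COMPUTERNAME'" -Credential $cred `
                    -Properties Enabled, DNSHostName, ServicePrincipalName, PasswordLastSet
        Get-TrustFailureHint -SecureChannelOk $ok -Account $acct
        # When the object exists and is enabled, this resets the machine password in
        # place instead of unjoining and rejoining:
        # Test-ComputerSecureChannel -Repair -Credential $cred
    }
}
```

If the client cannot reach a domain controller for the lookup, run the `Get-ADComputer` query from an admin workstation and pass the result in as `-Account`.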
