Why do PC's lose their trust relationship?

February 11, 2005 3:18:02 PM

Archived from groups: microsoft.public.active.directory.interfaces,microsoft.public.win2000.active_directory,microsoft.public.windows.activedirectory.dsml,microsoft.public.windows.server.active_directory

I say PC's but it can say servers too. I'm not quite so concerned if it's
just a workstation but when it happens to a windows server it can no longer
serve. The computer accounts haven't been deleted from the domain. Is
there anything I can do proactively?
Anonymous
February 11, 2005 3:18:03 PM

Trust relationships rely on security certificates TTL and how they are set up,
when they expire and whether they have the ability to renew. Additionally,
checking NetBIOS and DNS may help you obtain more information. Check your
event logs (PC and server) and post back security and trust related
information or run Netdiag /test:kerberos and see if any inconsistencies pop
up.

-Allen Firouz

Anonymous
February 11, 2005 11:43:45 PM

I assume we're talking about the secure channel trusts? If this is
happening you've probably got networking problems, and/ or name resolution
problems.

Like Allen said, are there errors/ warnings in the event logs?

Are these mainly remote machines over a poor line, etc.?

What can you tell us about your setup and the environment?


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

February 11, 2005 11:43:46 PM

I see event logs on the domain controller saying their secure channel
password isn't correct. I was able to look at the PC's event log (though
couldn't map an administrative share due to trust relationship failure) and
honestly nothing looks out of the ordinary. I did see one thing where a
service running with a domain account wouldn't start due to a password
issue, but that would I think be more a symptom rather than the problem
itself.

We do have the occasional network outage. In the last couple of months we
have had two 1/2 hour outages and have been told that outages of 5 minutes
or less won't be reported by the NetAdmins. Also, the server admins ran
into this problem when rebooting a server and voluntarily rejoining it to
the domain.

The setup is with a 100mbit ethernet with FDDI backbone, all based on Cisco.
We have three DC's, all at HQ building.

The main problem is that occasionally a machine will not synchronize its LSA
password and then, it cannot serve. Best guess is that it had network
problems when it was its time to synchronize it, and it just got out of
sync.

I have checked the netlogon logs and not seen anything, I'll run the
kerberos check and see if that turns anything up.
February 11, 2005 11:43:47 PM

I THINK I'VE GOT PAY DIRT!!!
----


Type: Error
Event ID: 4319
Source: NetBT
User: N/A
Generated: 2/2/2005 11:12:24 PM
Message: A duplicate name has been detected on the TCP network. The IP
address of the
machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Type: Warning
Event ID: 3033
Source: MRxSmb
User: N/A
Generated: 2/2/2005 11:12:24 PM
Message: The redirector was unable to register the address for transport
NetBT_Tcpip_{2E4FDBD6-0CE7-42D3-997E-9161E for the following reason: .
Transport has been taken offline.


Some NBTstat logs

---------------

---------------------------------------------
PC1NOPROB <00> UNIQUE Registered
PC1NOPROB <20> UNIQUE Registered
DOMAIN <00> GROUP Registered
DOMAIN <1E> GROUP Registered
PC1NOPROB <01> UNIQUE Registered

C:\Documents and Settings\>nbtstat -a PC2NOTRUST

Local Area Connection:
Node IpAddress: [10.30.49.61] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
PC2NOTRUST <00> UNIQUE Registered
DOMAIN <00> GROUP Registered
PC2NOTRUST <20> UNIQUE Registered
PC2NOTRUST <03> UNIQUE Registered
PC2NOTRUST$ <03> UNIQUE Registered
DOMAIN <1E> GROUP Registered

MAC Address = xx-11-xx-02-F1-1B
============================================

and the clincher:



Anonymous
February 12, 2005 12:51:59 PM

So you've fixed it?!?

Nice. Well done!!


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

February 16, 2005 1:36:24 PM

Hi,

I was going to say, I actually got cut off in mid post, the "and the
clincher" was that I found two machines with the same name by doing a
physical walkaround.

I think I may have a better understanding of why these happen, it seems to
usually be something related to DNS/WINS, registered records etc. That's
more than I knew a week ago! ^_^

Thanks for all your help everyone!

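The cause found in this thread was two machines sharing one name, so one proactive check is to look for that before the secure channel breaks. The following is an added example, not code from the thread or its posters: it parses `nbtstat -A <ip>` captures collected per address and flags any workstation name claimed by more than one MAC address. The helper names, sample addresses and MACs are constructed for illustration.

```python
import re
from collections import defaultdict

# One name-table row, e.g. "PC2NOTRUST <00> UNIQUE Registered".
NAME_ROW = re.compile(r"^\s*(\S+)\s+<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)\s*$")
MAC_ROW = re.compile(r"MAC Address\s*=\s*(\S+)")

def parse_nbtstat(text):
    """Return (rows, mac) parsed from one nbtstat name-table capture."""
    rows, mac = [], None
    for line in text.splitlines():
        m = NAME_ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name.upper(), suffix.upper(), kind, status))
        elif (m := MAC_ROW.search(line)):
            mac = m.group(1).upper()
    return rows, mac

def find_duplicate_names(captures):
    """captures maps each probed IP to its nbtstat output.

    Returns (dupes, conflicts): dupes maps a workstation name (<00> UNIQUE)
    to the (ip, mac) pairs claiming it when more than one MAC does;
    conflicts lists (ip, name, suffix) rows whose status is Conflict.
    """
    owners, conflicts = defaultdict(set), []
    for ip, text in captures.items():
        rows, mac = parse_nbtstat(text)
        for name, suffix, kind, status in rows:
            if kind != "UNIQUE":
                continue  # group names such as the domain are shared by design
            if status.lower() == "conflict":
                conflicts.append((ip, name, suffix))
            if suffix == "00":
                owners[name].add((ip, mac))
    # A multi-homed host also shows two MACs for one name; confirm before acting.
    dupes = {n: sorted(o) for n, o in owners.items()
             if len({mac for _, mac in o}) > 1}
    return dupes, sorted(conflicts)

def _table(name, mac, status20="Registered"):
    # Constructed sample in the layout of the nbtstat output quoted in the thread.
    return (f"Name Type Status\n{'-' * 45}\n"
            f"{name} <00> UNIQUE Registered\nDOMAIN <00> GROUP Registered\n"
            f"{name} <20> UNIQUE {status20}\nMAC Address = {mac}\n")

SAMPLE = {  # constructed addresses and MACs, not taken from the thread
    "192.0.2.11": _table("PC1NOPROB", "00-11-22-33-44-01"),
    "192.0.2.12": _table("PC2NOTRUST", "00-11-22-33-44-02"),
    "192.0.2.57": _table("PC2NOTRUST", "00-11-22-33-44-03", "Conflict"),
}

if __name__ == "__main__":
    print(find_duplicate_names(SAMPLE))
```

A name reported here is a lead for the physical walkaround described above, not proof on its own; a host with two network adapters produces the same pattern.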