Why do PC's lose their trust relationship?

Archived from groups: microsoft.public.active.directory.interfaces,microsoft.public.win2000.active_directory,microsoft.public.windows.activedirectory.dsml,microsoft.public.windows.server.active_directory

I say PC's but it can say servers too. I'm not quite so concerned if it's
just a workstation, but when it happens to a Windows server it can no longer
serve. The computer accounts haven't been deleted from the domain. Is
there anything I can do proactively?
  1.

    Trust relationships rely on security certificates' TTL and how they are set up,
    when they expire and whether they have the ability to renew. Additionally,
    checking NetBIOS and DNS may help you obtain more information. Check your
    event logs (PC and server) and post back security and trust related
    information, or run Netdiag /test:kerberos and see if any inconsistencies pop
    up.

    -Allen Firouz
  2.

    I assume we're talking about the secure channel trusts? If this is
    happening you've probably got networking problems, and/or name resolution
    problems.

    Like Allen said, are there errors/warnings in the event logs?

    Are these mainly remote machines over a poor line, etc.?

    What can you tell us about your setup and the environment?


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  3.

    I see event logs on the domain controller saying their secure channel
    password isn't correct. I was able to look at the PC's event log (though
    couldn't map an administrative share due to trust relationship failure) and
    honestly nothing looks out of the ordinary. I did see one thing where a
    service running with a domain account wouldn't start due to a password
    issue, but that would I think be more a symptom rather than the problem
    itself.

    We do have the occasional network outage. In the last couple of months we
    have had two 1/2 hour outages and have been told that outages of 5 minutes
    or less won't be reported by the NetAdmins. Also, the server admins ran
    into this problem when rebooting a server and voluntarily rejoining it to
    the domain.

    The setup is with a 100 Mbit Ethernet with FDDI backbone, all based on Cisco.
    We have three DC's, all at HQ building.

    The main problem is that occasionally a machine will not synchronize its LSA
    password and then, it cannot serve. Best guess is that it had network
    problems when it was its time to synchronize it, and it just got out of
    sync.

    I have checked the netlogon logs and not seen anything, I'll run the
    kerberos check and see if that turns anything up.
  4.

    I THINK I'VE GOT PAY DIRT!!!
    ----


    Type: Error
    Event ID: 4319
    Source: NetBT
    User: N/A
    Generated: 2/2/2005 11:12:24 PM
    Message: A duplicate name has been detected on the TCP network. The IP
    address of the
    machine that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.

    Type: Warning
    Event ID: 3033
    Source: MRxSmb
    User: N/A
    Generated: 2/2/2005 11:12:24 PM
    Message: The redirector was unable to register the address for transport
    NetBT_Tcpip_{2E4FDBD6-0CE7-42D3-997E-9161E for the following reason: .
    Transport has been taken offline.


    Some NBTstat logs

    ---------------

    ---------------------------------------------
    PC1NOPROB      <00>  UNIQUE      Registered
    PC1NOPROB      <20>  UNIQUE      Registered
    DOMAIN         <00>  GROUP       Registered
    DOMAIN         <1E>  GROUP       Registered
    PC1NOPROB      <01>  UNIQUE      Registered

    C:\Documents and Settings\>nbtstat -a PC2NOTRUST

    Local Area Connection:
    Node IpAddress: [10.30.49.61] Scope Id: []

    NetBIOS Remote Machine Name Table

    Name               Type         Status
    ---------------------------------------------
    PC2NOTRUST     <00>  UNIQUE      Registered
    DOMAIN         <00>  GROUP       Registered
    PC2NOTRUST     <20>  UNIQUE      Registered
    PC2NOTRUST     <03>  UNIQUE      Registered
    PC2NOTRUST$    <03>  UNIQUE      Registered
    DOMAIN         <1E>  GROUP       Registered

    MAC Address = xx-11-xx-02-F1-1B
    ============================================

    and the clincher:
  5.

    So you've fixed it?!?

    Nice. Well done!!


    --

    Paul Williams

    http://www.msresource.net/
    http://forums.msresource.net/
  6.

    Hi,

    I was going to say, I actually got cut off in mid post, the "and the
    clincher" was that I found two machines with the same name by doing a
    physical walkaround.

    I think I may have a better understanding of why these happen, it seems to
    usually be something related to DNS/WINS, registered records etc. That's
    more than I knew a week ago! ^_^

    Thanks for all your help everyone!
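
Added example, not part of the original thread: a Python check that does the thread's walkaround from captured `nbtstat -A <ip>` output instead, reporting any computer name (`<00> UNIQUE`) answered by more than one adapter and any row in the Conflict state that the NetBT 4319 message refers to. The capture addresses and MAC addresses are constructed, and the function names are chosen here.

```python
import re
from collections import defaultdict

# One name-table row, e.g. "PC2NOTRUST <00> UNIQUE Registered"
ROW = re.compile(r"^\s*(\S+)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")
MAC = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

def parse_nbtstat(text):
    """Return (mac_or_None, [(name, suffix, type, status), ...]) for one capture."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append((name.upper(), suffix.upper(), kind, status))
    mac = MAC.search(text)
    return (mac.group(1).upper() if mac else None), rows

def find_name_problems(captures):
    """captures maps each queried IP to the nbtstat output it returned.

    Returns (duplicates, conflicts): computer names answered by more than one
    adapter, and (ip, name, suffix) for every row whose status is Conflict.
    """
    owners = defaultdict(set)
    conflicts = []
    for ip, text in captures.items():
        mac, rows = parse_nbtstat(text)
        for name, suffix, kind, status in rows:
            if status.lower() == "conflict":
                conflicts.append((ip, name, suffix))
            # <00> UNIQUE is the computer name itself; GROUP rows (the domain)
            # are legitimately shared by every member and are skipped.
            if kind == "UNIQUE" and suffix == "00":
                owners[name].add((ip, mac or ip))
    duplicates = {name: sorted(seen) for name, seen in owners.items()
                  if len({adapter for _, adapter in seen}) > 1}
    return duplicates, conflicts

# Constructed sample captures: addresses and MAC addresses are made up.
SAMPLE_CAPTURES = {
    "192.0.2.11": """PC2NOTRUST     <00>  UNIQUE      Registered
                     DOMAIN         <00>  GROUP       Registered
                     PC2NOTRUST     <20>  UNIQUE      Registered
                     MAC Address = 00-11-22-02-F1-1B""",
    "192.0.2.12": """PC1NOPROB      <00>  UNIQUE      Registered
                     DOMAIN         <00>  GROUP       Registered
                     MAC Address = 00-11-22-02-F1-1C""",
    "192.0.2.57": """PC2NOTRUST     <00>  UNIQUE      Registered
                     PC2NOTRUST     <20>  UNIQUE      Conflict
                     DOMAIN         <1E>  GROUP       Registered
                     MAC Address = 00-AA-BB-10-20-30""",
}

if __name__ == "__main__":
    dup, conf = find_name_problems(SAMPLE_CAPTURES)
    for name, seen in dup.items():
        print(f"{name} is claimed by {len(seen)} adapters: {seen}")
    for ip, name, suffix in conf:
        print(f"{ip}: {name}<{suffix}> is in Conflict state")
```

A multihomed machine answers with the same name from two adapters, so confirm a hit against inventory before treating it as two separate machines.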