Re-establishing a trust relationship between a client and Win2K3...?

Posted by Noctaire on July 31, 2007, 9:04 am
A domain was recently reconfigured. Many of the machines are generating
a netlogon error that says to re-establish the trust relationship.

Does anyone have a link to a white paper/kb article on how to do this?
(Or a simple step-by-step?)

Thanks....

Posted by Roger Abell [MVP] on August 1, 2007, 1:09 am
Often the most simple is to reset the computer obj and/or rejoin.
The trust is between the machine local SAM sys and domain realm.

Perhaps there is a more simple answer hiding under "domain was
recently reconfigured". Specifics?

Roger

>A domain was recently reconfigured. Many of the machines are generating a
>netlogon error that says to re-establish the trust relationship.
>
> Does anyone have a link to a white paper/kb article on how to do this? (Or
> a simple step-by-step?)
>
> Thanks....



Posted by Noctaire on August 1, 2007, 4:59 am
Roger Abell [MVP] wrote:
> Often the most simple is to reset the computer obj and/or rejoin.
> The trust is between the machine local SAM sys and domain realm.
>
> Perhaps there is a more simple answer hiding under "domain was
> recently reconfigured". Specifics?


The server crashed and all hands were lost, no usable backup (all
backups were corrupted). It was reconfigured from the grounds up and
placed into service under the same domain name as previously configured.

The clients keep their configurations and e-mail stored locally on the
computer. Most are running XP Pro, fully patched.

The goal is to get them back on the domain without having to reconfigure
their e-mail and personal settings.

James

Posted by Roger Abell [MVP] on August 1, 2007, 12:11 pm
> Roger Abell [MVP] wrote:
>> Often the most simple is to reset the computer obj and/or rejoin.
>> The trust is between the machine local SAM sys and domain realm.
>>
>> Perhaps there is a more simple answer hiding under "domain was
>> recently reconfigured". Specifics?
>
>
> The server crashed and all hands were lost, no usable backup (all backups
> were corrupted). It was reconfigured from the grounds up and placed into
> service under the same domain name as previously configured.
>
> The clients keep their configurations and e-mail stored locally on the
> computer. Most are running XP Pro, fully patched.
>
> The goal is to get them back on the domain without having to reconfigure
> their e-mail and personal settings.
>
James,
In that case "reconfigured" is a misnomer.
The domain was ripped out from under the joined machines.
A new domain has been built. Names may be the same, but
it is a new, different domain.
The clients now need to be introduced (joined) to it.
That is your option.
Roger



Posted by jwgoerlich on August 1, 2007, 3:49 pm
Hello James,

As Roger mentioned, you will have to rejoin the Windows XP machines to
the new domain. I am not sure how many machines this means. If there
are a lot, then the easiest method is to install the support tools
and use NetDom. You can use a batch script with "NetDom Join" to do
the join automatically. This requires an administrator-level account
in Active Directory and exposes the password in clear text. I
recommend creating a temporary admin user and deleting it once you are
done.

If you are using DHCP and Dynamic DNS in conjunction with Active
Directory, and most sites are, then there is an additional preparation
step. Open the DNS console and remove all entries for the
workstations. The workstations will not be able to update the old
records and will generate DnsApi Event ID 11197 warnings if the DNS
entries are not removed before rejoining the domain.

Regards,

J Wolfgang Goerlich


Related Links:

Windows XP Service Pack 2 Support Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&DisplayLang=en

> Roger Abell [MVP] wrote:
> > Often the most simple is to reset the computer obj and/or rejoin.
> > The trust is between the machine local SAM sys and domain realm.
>
> > Perhaps there is a more simple answer hiding under "domain was
> > recently reconfigured". Specifics?
>
> The server crashed and all hands were lost, no usable backup (all
> backups were corrupted). It was reconfigured from the grounds up and
> placed into service under the same domain name as previously configured.
>
> The clients keep their configurations and e-mail stored locally on the
> computer. Most are running XP Pro, fully patched.
>
> The goal is to get them back on the domain without having to reconfigure
> their e-mail and personal settings.
>
> James
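
The DNS preparation step described in the reply above can be scripted with `dnscmd` (Windows Server 2003 Support Tools) instead of clicking through the DNS console. This batch file is an added example, not part of the thread; the server name `dc01`, the zone `example.local` and the file names are assumptions.

```batch
@echo off
rem Added example: delete the stale host (A) records of the workstations
rem that are about to be rejoined, so they can register fresh records.
rem Assumed names (not from the thread): DNS server dc01, zone example.local,
rem workstations.txt (one computer name per line), dns-cleanup.log.
setlocal
set "DNSSERVER=dc01"
set "ZONE=example.local"
set "LIST=workstations.txt"
set "LOG=dns-cleanup.log"

if not exist "%LIST%" (
    echo %LIST% not found.
    exit /b 1
)

rem for /f skips blank lines; lines starting with # are treated as comments.
for /f "usebackq eol=# tokens=1" %%M in ("%LIST%") do call :cleanup %%M
echo Done. Review %LOG% before rejoining the workstations.
endlocal
exit /b 0

:cleanup
rem The redirect is written first so a name ending in a digit is not
rem misread as a file handle number.
>>"%LOG%" echo ==== %DATE% %TIME% %1
rem No record data is given, so every A record at the node is deleted.
rem /f suppresses the confirmation prompt; dnscmd's own status goes to the log.
dnscmd %DNSSERVER% /RecordDelete %ZONE% %1 A /f >>"%LOG%" 2>&1
goto :eof
```

Run it from an account with rights to manage the zone. It only touches A records in the one forward zone; PTR records in reverse lookup zones are left as they are.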


