Re: Trust relationship between this workstation and Primary Domain
- From: mnoon@xxxxxxxxx <mnoonwffcuorg@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Apr 2006 07:09:03 -0700
Richard,
I understood what you asked me to do, but I had already tried that way at
least a dozen times before. That is one of the things that should have worked
that I had read earlier in some of the other posts to the newsgroup. That's
the part that's so frustrating, it should fix the problem but it doesn't. I
decided to do a fresh install and try that method again, after you suggested
it, with a new computer ID, a new workgroup ID, but again to no avail. I
really think it hinges on that broken trust relationship somehow tied to a
GUID from the computer that doesn't change with changes to a new ID or even a
fresh install. It really seems in a lot of ways that I am being joined to the
domain partially. I say this because I see the computer in AD Users &
Computers, group policy for the domain is applied to the PC (because of
password policy, renamed admin account, automatic updates are controlled by
domain policy & I see the PC on WSUS update server). So far, it seems I just
can't get domain user accounts logged on to the domain from that PC. My
biggest fear is if there is a problem on the domain side and I will not be
able to join ANY new PC to the domain in the future. I have a document
imaging and storage server that will be needed to be added to the domain in
about a month, so I am really nervous now about that. I appreciate all of
your help and suggestions so far, so if you can think of anything else based
on what I've told you this time, please let me know.
Thanks,
- Mike
"Richard G. Harper" wrote:
Ah, no; that's not what I asked. You should have tried, before reinstalling.
Windows and/or changing the computer's credentials, specifically using the
Network Identification tab to remove it from the domain. It's likely now
too late since you've reinstalled Windows. If the DNS configuration is
correct (pointing only to the domain DNS master for name resolution) then
you may simply have to disjoin the domain correctly, remove all machine
accounts for the machine, then re-join the domain.
--
Richard G. Harper [MVP Shell/User] rgharper@xxxxxxxxx
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
"mnoon@xxxxxxxxx" <mnoonwffcuorg@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8A34010B-CD3A-47D6-82AC-1D9408877A5F@xxxxxxxxxxxxxxxx
Yes, unfortunately, I have tried that many times without success. In fact,
this morning I once again did a fresh install of WinXP SP2, gave the
computer
a new different name in a new different workgroup, rebooted, and tried
once
again to join the domain. Once again it appeared I was joined to the
domain
(and partly I am because I can tell that group policy is applied because
of
logon disclaimer and renamed administrator account) but I still hang at
"loading personal settings". I walked away and let it sit for half an
hour.
When I came back it's still sitting at the same screen. No domain user can
log on to the domain at this PC.
"Richard G. Harper" wrote:
Have you un-joined the computer from the domain? That is likely the only
way to repair the damage. Un-join the PC by logging onto it as
"Workstation
Only", then remove it from the domain and move it to a workgroup. The
process will complete with an error message, which is fine. Then reboot
the
PC and log onto the workgroup, re-joining the domain only then.
--
Richard G. Harper [MVP Shell/User] rgharper@xxxxxxxxx
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
"mnoon@xxxxxxxxx" <mnoon@xxxxxxxxx@discussions.microsoft.com> wrote in
message news:2006E992-5711-4E01-8AED-6BA99FC13BBD@xxxxxxxxxxxxxxxx
I have never had trouble joining clients to the Win 2k domain before,
but
this time I accidentally lost track of workstation #'s and joined a
client
to
the domain with the same name as an existing client. I realized my
mistake
after a user could not log on to the other workstation. I managed to
get
that
workstation joined back to the domain under a new name, but the newest
machine, WinXP Pro SP2, now will not join the domain, no matter what. I
should say that I can get it to join - I get the welcome message - but
it
always hangs on "loading your personal settings" when I try to log on
to
the
domain for the first time ( with a domain admin account). I have gone
through
these posts and tried many things, moving to a workgroup and rejoining,
adding through netdom, resetting secure channels, etc... any number of
times,
even reinstalled the OS on the client - all to no avail. It's as if
this
machine is blackballed as far as the AD domain is concerned. The error
that
is always there is that the "trust relationship between this
workstation
and
the primary domain failed". Can this trust relationship be manually
repaired?
How? Also, how does the domain identify this PC uniquely? Is the GUID
from
the NIC, a BIOS chip, the CPU, or the OS key? If I can't fix it, can I
fool
it (the domain) into thinking this is a different machine? Any help
would
be
greatly appreciated. This is a particularly puzzling problem because
all
the
things in the forum that should have fixed this have failed to do so,
so
far.
- Thanks, Mike
- References:
- Re: Trust relationship between this workstation and Primary Domain Fai
- From: Richard G. Harper
- Re: Trust relationship between this workstation and Primary Domain
- From: Richard G. Harper
- Re: Trust relationship between this workstation and Primary Domain Fai
- Prev by Date: Re: Replicate Wins problem
- Next by Date: Re: DHCP and the 80/20 rule
- Previous by thread: Re: Trust relationship between this workstation and Primary Domain
- Next by thread: Re: no one can ping
- Index(es):
Relevant Pages
|
