Re: Trust relationship between this workstation and the primary do

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

go to ad console right click the computer account choose reset and go to the computer and re-add it to the domain.
Simple and fast.

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Server Guy" <ServerGuy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:97CCD7AB-3DA0-40C1-B602-F238DE7D439D@xxxxxxxxxxxxxxxx
If I run the "NLTEST /sc_reset:ABC.org" from the affected workstation, will
it remove then rebuild the secure channel for that station only or will it do
that for all stations?

Just trying to see the scope of what it's going to do so I know whether to
to perform a system state backup prior to running this.

I know the importance of backups but just need to schedule it if needed.

Many thanks!

/sc_reset:[ DomainName]
Removes and then rebuilds the secure channel established by the NetLogon
service. Administrative rights are required to perform this command.




"Paul Bergson [MVP-DS]" wrote:

Yes, as expected. You want to use nltest to reset the connection to your
dc.

http://support.microsoft.com/kb/216393

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Server Guy" <ServerGuy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D321C7F7-88D3-4FA3-96E9-7B38C776E708@xxxxxxxxxxxxxxxx
> Hi, The following is the result of the NLtest from the affected
> workstation.
> I did get 1 error.
>
> I checked services on my DC and Net Logon appears to be started. Not > sure
> if there is another service not listed that I need.
>
> Any more thoughts?
>
> Thanks again!!!
>
> ============================
> L:\>nltest /server:MYServer
> The command completed successfully
>
> L:\>nltest /sc_query:ABC.org
> Flags: 30 HAS_IP HAS_TIMESERV
> Trusted DC Name \\MYServer.ABC.org
> Trusted DC Connection Status Status = 0 0x0 NERR_Success
> The command completed successfully
>
> L:\>nltest /sc_verify:ABC.org
> I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED
>
> ============================
>
> "Paul Bergson [MVP-DS]" wrote:
>
>> Jorge is referring to nltest
>>
>> http://support.microsoft.com/kb/216393
>>
>> -- >> Paul Bergson
>> MVP - Directory Services
>> MCT, MCSE, MCSA, Security+, BS CSci
>> 2003, 2000 (Early Achiever), NT
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
>> news:5343E3CB-678A-4FD9-9115-9F506DF3701A@xxxxxxxxxxxxxxxx
>> > Hi
>> > Try
>> > Reset the computer account in AD, then re-add it to the domain.
>> >
>> > -- >> >
>> > I hope that the information above helps you.
>> > Have a Nice day.
>> > Jorge Silva
>> > MCSE
>> >
>> > "Server Guy" <ServerGuy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > news:E273F66A-C6BE-4DCC-B5F5-6B8B00844A21@xxxxxxxxxxxxxxxx
>> >> Have a big problem I sure could use some help with!
>> >>
>> >> When I try to add a new user account at a workstation previously
>> >> joined
>> >> to a
>> >> domain, I get an error saying I can't add the user because
>> >>
>> >> "the trust relationship between this workstation and the primary
>> >> domain
>> >> failed ".
>> >>
>> >> I tried removing the computer object from AD & re-joining but that
>> >> didn't
>> >> help. This is ocurring on stations that are working fine >> >> otherwise.
>> >> The
>> >> only problem is adding a new user account on the station. Existing
>> >> accounts
>> >> on the stations are working fine. If I add an existing account to >> >> a
>> >> different station, same result. Tried setting up a new account in >> >> AD.
>> >> Same
>> >> error when adding account to station.
>> >>
>> >> I'm not sure when the problem first ocurred, just that is causing
>> >> issues
>> >> of
>> >> not being able to setup new accounts. Big Problem!
>> >>
>> >> I'm open to suggestions! Is there a security DB or something >> >> that's
>> >> corrupted or needs to be sync'ed? I've searched and found >> >> referrences
>> >> to
>> >> the
>> >> error message but not one generated from trying to add a user to a
>> >> station.
>> >>
>> >> Thanks in advance!!!
>> >>
>> >> Server is W2k SP4, DC, DNS
>> >> Workstation(s) XP-Pro SP2
>> >> Member Win2003 SP1 server
>> >
>>
>>
>>




.

Relevant Pages

  • Re: SBS 2008 DCPromo Fails
    ... “Answer File” for the new server. ... as also including the Administrator account, ... computer account on the AD structure disabled and I have to delete it before ...
    (microsoft.public.backoffice.smallbiz)
  • Re: Random "computer account was not found" broken profiles Server
    ... It could be connectivity, DNS, computer account password, secure ... Speaking of connectivity, "ping" alone doesn't count. ... Make sure that your clients use only their local DNS Server. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Quick question on resetting computer accounts in AD
    ... SBS Server Management console does not have "Reset Account" command to ... In fact, the SBS Server Management console has already integrated ADUC, you ... Right click the computer account in right pane, ...
    (microsoft.public.windows.server.sbs)
  • Re: Changed name of machine = cant login
    ... I was getting an error "The credentials supplied conflict with an existing ... network cable, rebooted, logged in w/ local admin account, clicked my way ... creating a computer account in AD is not going to resolve your ... > The steps you took to rename the machine are wrong. ...
    (microsoft.public.win2000.networking)
  • Re: Local System Account & Network Access
    ... 'MyPc$' computer account when it is running as Local System. ... Logon ID: ...
    (microsoft.public.security)