Trust Relationship Error
-
Check the event log, maybe there are obvious errors. Check the time, check DNS.
-
@scottalanmiller The rejoining cannot be done because of the admin password will be asked for the rejoin window itself at that time also the trust relationship error occurs,the DNS changed the Time is correct only
-
@Lakshmana said in Trust Relationship Error:
@scottalanmiller The rejoining cannot be done because of the admin password will be asked for the rejoin window itself at that time also the trust relationship error occurs,the DNS changed the Time is correct only
Might need to reinstall then.
-
@Lakshmana Need to reinstall. Should have awhile ago if this was known. Better to do it in a controlled environment than have something like this happen
-
@Lakshmana said in Trust Relationship Error:
@scottalanmiller The rejoining cannot be done because of the admin password will be asked for the rejoin window itself at that time also the trust relationship error occurs,the DNS changed the Time is correct only
How can their be a trust relationship error if you haven't joined the domain yet?
- You need to unjoin the domain
- You need to fix the time
- You need to rename your computer
- You need to rejoin the domain
-
@Lakshmana said in Trust Relationship Error:
@scottalanmiller The user who already worked in that machine can login with the old password.What can be the troubleshooting done here ??
Cached credentials.
The PC can't authenticate anyone against AD, so it's relying on itself.
Domain admins as far as I know have to be authenticated against the domain. So, unless you know the local admin password, you are going to have a difficult time. -
@IRJ said in Trust Relationship Error:
@Lakshmana said in Trust Relationship Error:
@scottalanmiller The rejoining cannot be done because of the admin password will be asked for the rejoin window itself at that time also the trust relationship error occurs,the DNS changed the Time is correct only
How can their be a trust relationship error if you haven't joined the domain yet?
- You need to unjoin the domain
- You need to fix the time
- You need to rename your computer
- You need to rejoin the domain
Also, check AD for the old name and delete it if you find it. No sense keeping an old broken record.
-
There are other ways, apparently to fix without the unjoin/rejoin but I've never had them work on the multiple attempts that I've made to use them.
There is some good information here: https://community.spiceworks.com/topic/594585-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed
-
You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.
-
@momurda said in Trust Relationship Error:
You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.
I got the impression that he doesn't have any admin passwords.
-
@scottalanmiller @Lakshmana
Ah, if that is the case then there is an option to use the NT Offline PW reset bootable iso and change the local administrator pw or blank it. You can then login as the local administrator, and remove the pc from the domain using that account.
That would then require the object to be deleted from AD manually some time in the future. the pc would then also need to be renamed as well I think if you wanted to rejoin it. -
If he has no admin password access at all then there is no point in doing anything because even a clean install will require a domain admin password to join the system to the domain.
-
@momurda said in Trust Relationship Error:
You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.
This only works if a domain admin has logged into the PC in the past - i.e. uses Cached Credentials.
-
@scottalanmiller said in Trust Relationship Error:
@momurda said in Trust Relationship Error:
You can simply unplug the Ethernet cable, reboot and login with the domain admin login. It then cant check the domain on reboot and should let you in. You can then fix the time, remove it, make a local admin user, reboot, rejoin to domain. done this many times in the past, if I am understanding you.
I got the impression that he doesn't have any admin passwords.
The impression I got was that he doesn't have either a local admin password or a cached domain admin (of course, he might have a cached domain admin, but if he didn't unplug the ethernet, then it would deny him because of the lack of account trust).
-
@momurda said in Trust Relationship Error:
@scottalanmiller @Lakshmana
Ah, if that is the case then there is an option to use the NT Offline PW reset bootable iso and change the local administrator pw or blank it. You can then login as the local administrator, and remove the pc from the domain using that account.
That would then require the object to be deleted from AD manually some time in the future. the pc would then also need to be renamed as well I think if you wanted to rejoin it.Assuming JB's assertion is wrong, and they really do know the domain admin username/password, but they don't have a working local admin password - this solution will work for resetting the local admin, which then can then use as indicated.
