The trust relationship between this workstation and primary domain fai

[zeezam]

Is there any fix for this?

My w7 clients got this message several times and I have to rejoin the domain.

We are running 2003 dc and w7 clients...

[cluberti]

The only time you'd get it is if the computer account password no longer matches the one in AD. If it's happening frequently, is there something specific you're doing with your DCs (or with your Win7 clients) that would cause the passwords to be out of sync?

[zeezam]

The only time you'd get it is if the computer account password no longer matches the one in AD. If it's happening frequently, is there something specific you're doing with your DCs (or with your Win7 clients) that would cause the passwords to be out of sync?

Ok.

Not what I know. Is there anything I can check or any policy I can set for this?

[IcemanND]

I've been seeing the same thing in my environment and have yet to find the cause. If you have NETDOM you can use it to resync the computer account password with the domain. Or you can unjoin the machine form the domain, not need to perform the reboot, then rejoin it to the domain and reboot and with the exception of one machine I have not had any repeat customers.

[Octopuss]

This happens semi-regularly in out customer's domain. The trouble is there are two DCs and the secondary somehow acts as primary or something. The PC's account is created on the secondary, but nothing shows up on primary.

[cluberti]

Well, password synchronizations are done on the PDC emulator first, and then replicated out. If you look at the event logs for both, I'm guessing one (or both) of them are having issues. There should be event viewer interesting'ness on the DCs, at least, and maybe the clients too.

[IcemanND]

Cluberti, you know anything specific we could look for? I've glanced at the client logs but never noticed anything useful. I don't have access to the DCs to look at those logs but if I had any starting point I would be better off than I am now.

[Cyrius]

I have gotten this a few times and resetting it to the old password through AD Users and Computers allowed me to get back in.

This typically has happened on my Road Warrior laptops which are not often connected to my actual domain, but which are a member.

Edited February 23, 2012 by Cyrius

[cluberti]

@IcemanND, you would need to look at the logs on the DCs.

[IcemanND]

I was afraid of that. And with as random as it happens finding something useful in them can be next to impossible with six DC's to dig through.

[cluberti]

Password changes happen first on the pdc - use ntdsutil to figure out which one that is, and that's the one to look at for starters. If it was easy, we could replace you with the janitor!

[tj18]

Thanks - The replies here helped shed some light on my issue - but still need more assistance. Will make a separate post.. and will probably need to learn the syntax's of ntdsutil.