Thursday, January 10, 2013

Alternative Solution for Domain Error


I’m sure most of us have encountered PCs showing the error “the trust relationship between this workstation and the primary domain failed”. The problem occurs when the machine can no longer communicate securely with Active Directory, or when the machine’s private secret (bits of cryptographic data called the Kerberos keytab, stored in the local security authority) is not set to the same value as the one stored on the domain controller (Active Directory). You will also receive the same error when the system time on the machine is out of sync with the system time on the domain controller.
 
Most of us will perform a domain rejoin to restore the trust relationship, and if you Google this error, plenty of support blogs and Microsoft articles provide the same solution.
 
I’ve found an alternative solution which is less messy and may be a better fix, as it will not mess with the registry. The alternative: just change your Kerberos keytab (computer password) using netdom.exe!
 
netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
 
Where:
 
            <server> = domain controller
            <user>   = DOMAIN\User format, an account with rights to change the computer password
 
Here are the steps:
 
1.     You need to be able to get onto the machine. Normally, just log in with the local Administrator account.
2.     Make sure the computer has netdom.exe. Windows XP and above should already be equipped with it. For other platforms: http://technet.microsoft.com/en-us/library/ee649281(WS.10).aspx
3.     Run netdom.exe to change the password.
       a.     Open Command Prompt (with Administrative rights).
       b.     Type the following command: netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
4.     Reboot machine.
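
The steps above as a PowerShell script that first rules out the clock-skew cause and confirms the secure channel is actually broken before resetting the password. This is an added example, not part of the original post; the parameter names are hypothetical, and it assumes the Test-ComputerSecureChannel cmdlet and w32tm.exe are available and that the domain uses the default 5-minute Kerberos clock tolerance.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt while logged on with the local Administrator account.
param(
    [Parameter(Mandatory = $true)][string]$Server,  # domain controller, as in /s:<server>
    [Parameter(Mandatory = $true)][string]$User,    # DOMAIN\User, as in /ud:<user>
    [int]$MaxSkewSeconds = 300                      # assumption: default Kerberos tolerance
)

# Step 2 of the post: netdom.exe must be present.
if (-not (Get-Command netdom.exe -ErrorAction SilentlyContinue)) {
    Write-Error "netdom.exe not found; install it before continuing."
    exit 1
}

# Rule out the time cause: measure this machine's clock offset from the DC.
$sample = & w32tm.exe /stripchart "/computer:$Server" /samples:1 /dataonly 2>&1 | Out-String
if ($sample -match '([+-]\d+\.\d+)s') {
    $inv  = [System.Globalization.CultureInfo]::InvariantCulture
    $skew = [math]::Abs([double]::Parse($Matches[1], $inv))
    Write-Output ("Clock offset from {0}: {1:N1} s" -f $Server, $skew)
    if ($skew -gt $MaxSkewSeconds) {
        Write-Warning "Clock is out of sync with the DC; fix the time first, then re-test."
        exit 2
    }
} else {
    Write-Warning "Could not read a time sample from $Server; check connectivity."
}

# Confirm the computer password mismatch (broken secure channel).
try   { $healthy = Test-ComputerSecureChannel -Server $Server -ErrorAction Stop }
catch { $healthy = $false; Write-Warning $_.Exception.Message }
if ($healthy) {
    Write-Output "Secure channel is healthy; no password reset needed."
    exit 0
}

# Step 3 of the post: reset the computer password. /pd:* prompts for the
# password, so it never lands in the command line or shell history.
& netdom.exe resetpwd "/s:$Server" "/ud:$User" "/pd:*"
if ($LASTEXITCODE -ne 0) {
    Write-Error "netdom resetpwd failed with exit code $LASTEXITCODE."
    exit $LASTEXITCODE
}
Write-Output "Computer password reset. Reboot the machine (step 4)."
```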
 
