The trust relationship between this workstation and the primary domain failed.

I've successfully deployed the image from the k2 but when logging in to the domain I get this message. I've read a bunch and look everywhere to find out what might be causing this issue and no luck. Everything works if i leave the domain and rejoin.

    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

Any tips would be great! Thanks in advance!

0 Comments   [ + ] Show comments

Answers (4)

Answer Summary:
Posted by: dugullett 9 years ago
Red Belt

Have you thought about joining the domain as a post install rather than in the xml? I never had much luck with doing it that way.

  • I'll +1 this suggestion. It isn't too difficult to set this up, and it seems to work much better than the unattend file. - Ben M 9 years ago
  • I put the join_domain.vbs in the windows\system32 directory on my images so all I have to do is call it as a post task.
    I autologon as a local account and let the post run and join the domain during that part and then autologon as a domain user for 2 more time after that so GPO's and other can update.
    http://www.itninja.com/blog/view/windows-7-image-process-for-the-college-s-classrooms - SMal.tmcc 9 years ago
  • Thanks for all the replies. SMal.tmcc can I bug you to post your vbscript for joining the domain? Thanks in advance. - iandizon 9 years ago
    • I've used this before http://www.kace.com/support/resources/kb/article/How-to-rename-a-computer-and-join-it-to-a-Windows-domain-Image-Deployment

      We are currently using the "Add-Computer" command in Powershell. It's a lot less steps and easy setup. - dugullett 9 years ago
    • Should be on your kbox, it came with mine. I found it at \\ikbox\peinst\applications\3.
      Note: We pre-create our machines in the correct ou ahead of time using an ldap utility or just reuse the existing name. This script will put a machine in the default OU if it is not already an object. I have seen some great scripts from the others that will let you choose your OU also.

      Const JOIN_DOMAIN = 1
      Const ACCT_CREATE = 2
      Const ACCT_DELETE = 4
      Const WIN9X_UPGRADE = 16
      Const DOMAIN_JOIN_IF_JOINED = 32
      Const JOIN_UNSECURE = 64
      Const DEFERRED_SPN_SET = 256
      Const INSTALL_INVOCATION = 262144

      If WScript.Arguments.Count &amp;amp;lt; 3 or WScript.Arguments.Count &amp;amp;gt; 4 Then
      strDomain = WScript.Arguments.Item(0)
      strUser = WScript.Arguments.Item(1)
      strPassword = WScript.Arguments.Item(2)

      'set DNS IP address
      If WScript.Arguments.Count = 4 Then
      strDNSIP = WScript.Arguments.Item(3)
      Set objShell = CreateObject(&amp;amp;quot;WScript.shell&amp;amp;quot;)
      objShell.Run &amp;amp;quot;netsh int ip set dns &amp;amp;quot;&amp;amp;quot;local area connection&amp;amp;quot;&amp;amp;quot; static &amp;amp;quot;&amp;amp;amp; _
      strDNSIP &amp;amp;amp;&amp;amp;quot; primary&amp;amp;quot;,0,0
      End If

      End If

      Set objNetwork = CreateObject(&amp;amp;quot;WScript.Network&amp;amp;quot;)
      strComputer = objNetwork.ComputerName

      Set objComputer = GetObject(&amp;amp;quot;winmgmts:{impersonationLevel=Impersonate}!\\&amp;amp;quot; &amp;amp;amp; _
      strComputer &amp;amp;amp; _
      &amp;amp;quot;\root\cimv2:Win32_ComputerSystem.Name='&amp;amp;quot; _
      &amp;amp;amp; strComputer &amp;amp;amp; &amp;amp;quot;'&amp;amp;quot;)
      ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
      strPassword, _
      strDomain &amp;amp;amp; &amp;amp;quot;\&amp;amp;quot; &amp;amp;amp; strUser, _
      NULL, _
      JOIN_DOMAIN+ACCT_CREATE) - SMal.tmcc 9 years ago
Posted by: SMal.tmcc 9 years ago
Red Belt

the two things I know that have caused this.

The target machines date and time is different from the DC's.

You have more then one machine with the same name (usually caused having machine name in the unattended file and all got it or as Ben said not syspreping).

Posted by: Ben M 9 years ago
9th Degree Black Belt

Just a guess, but the last time I saw this it was caused by me not sysprepping my image. 

Posted by: piyushnasa 9 years ago
Red Belt

It happens with my VM Images every month once.

I have to rejoin it to domain by logging in as a local administrator and then retaking the snapshot.

Any resolution for that as well?

  • Just curious what form of VM are you using? I seem to have the same problem as well. I never took the time to troubleshoot it. After I get logged in I usually forget about it until the next time. - dugullett 9 years ago
  • http://blogs.msdn.com/b/mikekol/archive/2009/03/18/does-restoring-a-snapshot-break-domain-connectivity-here-s-why.aspx - jagadeish 9 years ago
    • Cool..... so looks like I'll keep changing every month. - dugullett 9 years ago
  • You can change the time of expiration of the secure channel password on the domain from the default of 30 days to a larger number or just do not require one at all. We have had to up our expiration to 180 days. We use deepfreeze on the acad side the machines never really update their end till they are thawed. - SMal.tmcc 9 years ago
  • Thanks for your inputs everyone.. It seems that I am not alone who is facing this issue. :) - piyushnasa 9 years ago
  • No the secure channel has always haunted us. I do not use a VM I have a master machine I just do windows image backup and restore's and any or my images I restore over a 180 days complain yet. It can be set not to need a PW but being a college teaching CT that is like giving a monkey a gun and box of bullets. Withiout one you could spoof a machine into the domain - SMal.tmcc 9 years ago
  • The next time your VM does that try to just reset the PW
    http://support.microsoft.com/kb/260575/en-us - SMal.tmcc 9 years ago
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ