How do I disable trust relationship resets in Active Directory?

Hi there,

I'm running some simple network tests with virtual machines connected to a parent and child domain in Active Directory. I'm attempting to test cross-domain communication, but whenever I revert my virtual machines, the trust relationship goes stale or I get locked out of my machine, stating the following error message: "The trust relationship between this workstation and the primary domain failed."

To my knowledge, this is due to Kerberos. I'm aware of the workaround for this (a short script for requesting a password reset), but this takes time and can harm my tests if I need to revert to a state (as my state is then modified). For the purposes of my tests, I only require that my trust relationships are not reset (the security feature of resetting the trusts is not needed). Is there any means of disabling this feature for my tests?

Thanks,
Gareth 


  • Edited by Spirited Fang Friday, September 11, 2015 7:05 PM Clarification.
September 10th, 2015 9:30pm

Hi Gareth

I suppose you want to disable the periodic computer account password reset of the member computer in the registry under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

In there you need to change the DisablePasswordChange value to 1.

This is documented in https://support.microsoft.com/en-us/kb/154501

Good Luck

Lyndon

September 14th, 2015 2:30am
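
The registry change described in the reply above, as an added PowerShell example that is not part of the original thread. The function names are hypothetical, and it assumes an elevated session on a domain-joined lab VM that is about to be snapshotted; `MaximumPasswordAge` is read only for reporting.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): set and verify DisablePasswordChange
# on a lab member VM before taking the snapshot it will be reverted to.

$NetlogonParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-MachinePasswordPolicy {
    # Report the Netlogon values that govern machine account password changes.
    $p = Get-ItemProperty -Path $NetlogonParams
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        # An absent value casts to 0, meaning the member changes its password.
        DisablePasswordChange = [int]$p.DisablePasswordChange
        MaximumPasswordAge    = if ($null -ne $p.MaximumPasswordAge) {
                                    $p.MaximumPasswordAge
                                } else { 'not set' }
    }
}

function Set-MachinePasswordRotation {
    # Hypothetical helper: $true writes DisablePasswordChange = 1, $false writes 0.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Disabled)

    $value = [int]$Disabled
    if ($PSCmdlet.ShouldProcess($NetlogonParams, "Set DisablePasswordChange = $value")) {
        New-ItemProperty -Path $NetlogonParams -Name DisablePasswordChange `
            -PropertyType DWord -Value $value -Force | Out-Null
    }
    Get-MachinePasswordPolicy
}

# 1. Check the secure channel first; a snapshot taken while the trust is
#    already broken would only preserve the failure.
if (-not (Test-ComputerSecureChannel)) {
    throw 'Secure channel is broken; repair it before taking the snapshot.'
}

# 2. Stop this member from initiating password changes and show the result.
Set-MachinePasswordRotation -Disabled $true

# 3. Precaution: restart Netlogon (or reboot) before snapshotting so the
#    running service is using the new value.
Restart-Service -Name Netlogon
```

Run it on each member VM in the test set before its snapshot is taken; `Set-MachinePasswordRotation -Disabled $false` restores the default behaviour afterwards.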

Hi Gareth,

If I understood you correctly, you are restoring your VM from a snapshot. Could you please confirm how old that snapshot is? If it's more than 30 days, then you can follow the link; it describes similar symptoms and a resolution.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006764

September 14th, 2015 3:00am
