Windows 7 Mobile Computers which connect via VPN receiving Trust relationship between this workstation and the primary domain failed
We have 30+ mobile computers running Windows 7 Professional 32-bit. Our domain is a native Windows 2008 R1 domain. These laptops' primary means of communication with the domain is via VPN. Before deploying the laptops, they are joined to the domain and each member logs onto the domain while it is physically connected to the domain. Then each user logs into the computer with cached credentials, then establishes a VPN connection with the office. We are starting to see laptops receiving a message that "The trust relationship between this workstation and the primary domain failed." I'm very familiar with this error, but I'm not sure what to do to get the computer account to attempt to reset its security principal (computer password) when it sees the VPN established. Anyone have a solution for this?
I don't want to set up a netdom command to reset the SPN on every VPN connection, as they connect almost every day, even multiple times a day when / if they get kicked off the VPN for any reason.
Any help would be greatly appreciated.
September 10th, 2011 7:53am
Hi,
I'm trying to involve someone familiar with this topic to further look at this issue. There might be some time delay.
Appreciate your patience.
Regards,
Miya
September 13th, 2011 3:53am
Hi,
The issue may be caused by the Security Channels between the DC and these mobile computers being broken. If a computer changes its machine account password and it doesn't connect to the DC for a long time, the issue may occur. It is not because they connect to the VPN, but because of the default behavior. The client will change its machine account password periodically. For the computers that report the error, you need to make them leave the domain and rejoin the domain to resolve the issue.
The only workaround to avoid the issue is to enable the local policy "Domain member: Disable machine account password changes" on the clients to prevent them from changing the machine account password. Here is the path of the Group Policy: Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options
Hoping the information could help you.
Best Regards
Scott Xie
September 13th, 2011 5:29am
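To see which laptops are affected and whether the policy named in the answer above has taken effect, this added example (not code from any poster in this thread) reads the two Netlogon registry values behind the "Domain member" machine account password options and tests the secure channel. The function name is hypothetical; the fallbacks of "changes enabled" and 30 days are the Windows defaults that apply when the values are absent.

```powershell
# Added example. PowerShell 2.0 compatible (ships with Windows 7).
# Run elevated on the laptop while the VPN is connected.
function Get-MachineAccountPasswordState {
    # Registry location written by the "Domain member: ..." security options
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Windows defaults when the values are absent:
    # password changes enabled, maximum password age 30 days.
    $disabled = $false
    $maxAge   = 30
    if ($p -and ($null -ne $p.DisablePasswordChange)) {
        $disabled = ($p.DisablePasswordChange -eq 1)
    }
    if ($p -and ($null -ne $p.MaximumPasswordAge)) {
        $maxAge = [int]$p.MaximumPasswordAge
    }

    # The secure channel test needs a reachable domain controller;
    # off the VPN it cannot give a meaningful answer.
    try {
        if (Test-ComputerSecureChannel -ErrorAction Stop) {
            $channel = 'Healthy'
        } else {
            $channel = 'Broken'
        }
    } catch {
        $channel = "Unknown: $($_.Exception.Message)"
    }

    New-Object PSObject -Property @{
        ComputerName           = $env:COMPUTERNAME
        PasswordChangeDisabled = $disabled
        MaximumPasswordAgeDays = $maxAge
        SecureChannel          = $channel
    }
}

Get-MachineAccountPasswordState | Format-List
```

A result of `SecureChannel : Broken` with `PasswordChangeDisabled : False` matches the failure described in this thread; `Test-ComputerSecureChannel -Repair`, run as a local administrator with a DC reachable, attempts to re-establish the channel.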
Scott, thank you for the response. I was aware of the machine password changing and I attributed the behavior we were having to that password change. I was unaware of the GP to prevent the machine from changing the password. That will likely be our fix.
Thank you.
September 13th, 2011 7:12am