Windows 7 Mobile Computers which connect via VPN receiving Trust relationship between this workstation and the primary domain failed
We have 30+ mobile computers running Windows 7 Professional 32-bit. Our domain is a native Windows 2008 R1 domain. These laptops' primary means of communication with the domain is via VPN. Before deploying the laptops, they are joined to the domain and each member logs onto the domain while it is physically connected to the domain. Then each user logs into the computer with cached credentials, then establishes a VPN connection with the office. We are starting to see laptops receiving a message that "The trust relationship between this workstation and the primary domain failed." I'm very familiar with this error, but I'm not sure what to do to get the computer account to attempt to reset its security principal (computer password) when it sees the VPN established. Anyone have a solution for this? I don't want to set up a netdom command to reset the spn on every VPN connection, as they connect almost every day, even multiple times a day when / if they get kicked off the VPN for any reason. Any help would be greatly appreciated.
September 10th, 2011 7:53am

Hi, I'm trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. Regards, Miya
September 13th, 2011 3:53am

Hi,

The issue may be caused by the security channels between the DC and these mobile computers being broken. If a computer changes its machine account password and doesn't connect to the DC for a long time, the issue may occur. It is not because they connect through the VPN, but the default behavior. The client will change its machine account password periodically.

For the computers which report the error, you need to make them quit the domain and rejoin the domain to resolve the issue.

The only workaround to avoid the issue is to enable the local policy "Domain member: Disable machine account password changes" on the clients to prevent them from changing the machine account password. Here is the path of the Group Policy:

Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options

Hoping the information could help you.

Best Regards,
Scott Xie
September 13th, 2011 5:29am
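
A read-only check for the setting discussed in the answer above, added here as an example and not posted by any participant in the thread. It assumes the two "Domain member" policies are stored as the `DisablePasswordChange` and `MaximumPasswordAge` values under the Netlogon `Parameters` registry key, and it uses the built-in `Test-ComputerSecureChannel` cmdlet; the helper name `Get-NetlogonValue` is hypothetical.

```powershell
# Added example: report the machine-account password settings and the
# secure channel state on a domain-joined client. Run from an elevated
# prompt while the VPN is up so that a domain controller is reachable.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonValue([string]$Name, $Default) {
    # Return the registry value, or the default when the value is not set.
    $p = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($p -and $null -ne $p.$Name) { return $p.$Name }
    return $Default
}

# "Domain member: Disable machine account password changes"
# 0 (default) = the client changes its password periodically, 1 = it never does.
$disabled = [int](Get-NetlogonValue 'DisablePasswordChange' 0)

# "Domain member: Maximum machine account password age", in days (default 30).
$maxAge = [int](Get-NetlogonValue 'MaximumPasswordAge' 30)

# Test-ComputerSecureChannel returns $true when the channel to the domain works.
# With no reachable domain controller it fails, which is reported as $false here.
try {
    $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
} catch {
    $channelOk = $false
    Write-Warning "Secure channel test failed: $($_.Exception.Message)"
}

# One summary object per machine (New-Object keeps this PowerShell 2.0 compatible).
New-Object PSObject -Property @{
    Computer               = $env:COMPUTERNAME
    PasswordChangeDisabled = ($disabled -eq 1)
    MaxPasswordAgeDays     = $maxAge
    SecureChannelHealthy   = $channelOk
}
```

Collecting this output from each laptop shows which machines already have password changes disabled and which ones currently fail the secure channel test.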

Scott, thank you for the response. I was aware of the machine password changing and I attributed the behavior we were having to that password change. I was unaware of the GP to prevent the machine from changing the password. That will likely be our fix. Thank you.
September 13th, 2011 7:12am

This topic is archived. No further replies will be accepted.
