Thursday, September 6, 2012

Server and AD trust relationships

Recently one of my servers started having trust issues. I would RDP to the server and it would appear to accept my domain login credentials fine, but then kick me back to the Windows server login screen with the following error:
The username or password is incorrect

I logged in as a local administrator and saw the following in the Security log:
Unknown user name or bad password
... with the following status codes: 0xc000006d 0xc000006a

I tried disconnecting from the domain and reconnecting, with the required reboots, and now I get this error:
The trust relationship between this workstation and the primary domain failed

I tried to disconnect, remove the computer account, and reconnect, but this resulted in this error:
The security database on the server does not have a computer account for this workstation trust relationship

This was very frustrating, so finally I did the following:
Disconnect from the domain (with a reboot)
Remove the computer account from AD
Reboot both the primary and secondary DCs
Rejoin the domain (with a reboot)

That finally worked. So, when in doubt, reboot possibly everything.