
Trust relationship broken

    SupEric
    last edited by Sep 10, 2014, 1:38 PM

    Fog version 1.2.0
    I have set up the Active Directory defaults. Used fogcrypt to encrypt the domain admin account password. When I try to have Fog join the computer to the domain after downloading the image, I get this error when trying to log in to the computer.

    “The trust relationship between this workstation and the primary domain failed”

    It does rename the computer correctly, but will not join it to the domain.

    Thanks,

      Tom Elliott
      last edited by Sep 10, 2014, 2:12 PM

      In AD, is the system disabled?

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        SupEric
        last edited by Sep 10, 2014, 2:17 PM

        [quote=“Tom Elliott, post: 36451, member: 7271”]In AD, is the system disabled?[/quote]

        The system has not been disabled.

        Additional info: it is a Windows 7 image, and AD 2013.

          SupEric
          last edited by Sep 11, 2014, 3:08 PM

          [quote=“SupEric, post: 36452, member: 25086”]The system has not been disabled.

          Additional info: it is a Windows 7 image, and AD 2013.[/quote]

          When the machine first starts after a download, I logged in and copied the fog.log file. Then the machine wants to restart, and after the restart it says the trust relationship is broken when I try logging in.

          I have attached the fog.log file from the machine.

          Any ideas?

          [url=“/_imported_xf_attachments/1/1364_foglog.zip?:”]foglog.zip[/url]

            Tom Elliott
            last edited by Sep 11, 2014, 3:34 PM

            How are you telling the system to join the domain?

            Particularly, from your fog.log:
            [code]FOG::HostnameChanger Module is disabled on this host[/code]

            This means that FOG isn’t doing the name change or joining the host to domain, but rather maybe a snapin?

              SupEric
              last edited by Sep 11, 2014, 3:48 PM

              [quote=“Tom Elliott, post: 36534, member: 7271”]How are you telling the system to join the domain?

              Particularly, from your fog.log:
              [code]FOG::HostnameChanger Module is disabled on this host[/code]

              This means that FOG isn’t doing the name change or joining the host to domain, but rather maybe a snapin?[/quote]

              Fog used to join them to the domain and for some reason it has stopped working. When we inventory the computer we tell it to join the computer to the domain using default settings, and then we put the Active Directory defaults in on the Fog configuration screen. What do we need to do to make Fog join the computers to the domain?

                Junkhacker Developer
                last edited by Sep 11, 2014, 3:51 PM

                In FOG 1.0+ the username field needs to only have the username, no domain.
                AD credentials are stored per host, and you may need to update your hosts with any changes.

                signature:
                Junkhacker
                We are here to help you. If you are unresponsive to our questions, don't expect us to be responsive to yours.

                  SupEric
                  last edited by Sep 11, 2014, 4:09 PM

                  [quote=“Junkhacker, post: 36538, member: 21583”]In FOG 1.0+ the username field needs to only have the username, no domain.
                  AD credentials are stored per host, and you may need to update your hosts with any changes.[/quote]

                  Cool, I have updated the fields to just the username, no domain in front, in both the computer settings and in the Active Directory defaults. Testing now.

                  Thanks!!!

                    SupEric
                    last edited by Sep 11, 2014, 7:14 PM

                    Unfortunately, after downloading, it has the same message. Trust relationship failed.

                      d4rk3
                      last edited by Sep 12, 2014, 2:00 PM

                      This error happens if I image a station on our domain and I forget to delete the computer from AD before it re-joins the domain post-imaging.

                        Junkhacker Developer
                        last edited by Sep 12, 2014, 2:21 PM

                        I believe this can also happen if you upload an image of a computer that is already joined to the domain.

                          sudburr
                          last edited by Sep 12, 2014, 2:49 PM

                          The trust relationship between the AD and the computer is based on the Computer Account Password which is saved as part of the computer object in the AD.

                          By default, trust relationship and computer account passwords are negotiated every thirty days, except for computer accounts that can be disabled by the administrator.

                          This password is generated, negotiated and maintained by the computer, entirely silently. A short history of passwords is supposed to be maintained by the AD for each computer object, in the case of some synchronization problems. However, this can easily be fubar’d if the computer undergoes one too many recovery sessions to restore points, is away from the domain too long to have been able to properly recognise the new password, or your AD has been restored to a previous restore point.

                          If you are capturing an image that is already joined to the domain, stop doing that.

                          The recommended fix from MS for a computer that no longer is trusted by the AD is:

                          1. From the client, remove it from the domain.
                          2. Delete the computer object from the AD.
                          3. Join the computer to the domain.

                          … Or …

                          1. Log on as a local Administrator.
                          2. CMD: [code]netdom resetpwd /server:YourDC /userD:Your.Domain\YourADAccount /passwordD:* /SecurePasswordPrompt[/code]

                          There are other scripting and powershell options as well.

                          See [url]http://support.microsoft.com/kb/216393[/url] for more information.

                          This problem can also be remediated by changing the default behaviour of the client by extending the lifespan of the computer account password through local Group Policy.

                          [ Standing in between extinction in the cold and explosive radiating growth ]
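
The secure-channel check and computer account password reset described in the post above, as an added PowerShell example (not part of the original thread or of FOG). It assumes PowerShell 3.0 or later in an elevated session on the affected client, logged on as a local Administrator; the function names and 'YourDC' are placeholders, and the registry values read are the Netlogon settings that control the computer account password lifespan.

```powershell
# Added example. Function names and 'YourDC' are hypothetical placeholders.

function Get-MachinePasswordPolicy {
    # Netlogon values that control how often the client changes its
    # computer account password (30 days when the value is absent).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        MaximumPasswordAgeDays = if ($p.MaximumPasswordAge -ne $null) { $p.MaximumPasswordAge } else { 30 }
        DisablePasswordChange  = [bool]$p.DisablePasswordChange
    }
}

function Repair-DomainTrust {
    param(
        [Parameter(Mandatory = $true)][string]$DomainController,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential
    )

    # A machine that was only renamed and never joined has no trust to repair.
    if (-not (Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
        throw 'This computer is not joined to a domain; join it instead of resetting the password.'
    }

    # Returns $true when the local computer account password still matches AD.
    if (Test-ComputerSecureChannel -Server $DomainController) {
        return 'Secure channel is healthy; nothing to repair.'
    }

    # PowerShell counterpart of the netdom reset: negotiate a new computer
    # account password with the named domain controller.
    Reset-ComputerMachinePassword -Server $DomainController -Credential $Credential

    if (Test-ComputerSecureChannel -Server $DomainController) {
        return 'Secure channel repaired.'
    }
    throw 'Reset did not restore the trust; remove the computer, delete its AD object and rejoin.'
}

Get-MachinePasswordPolicy
# Get-Credential prompts for the domain account, so the password never
# appears on the command line or in the script.
Repair-DomainTrust -DomainController 'YourDC' -Credential (Get-Credential)
```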

                          Copyright © 2012-2024 FOG Project