The server loses trust

Андрей Михалевский 2,646 Reputation points

Hello. I have some servers losing communication with the domain controller. After a reboot everything works.

Servers in the same site. dcdiag /q on the domain controller shows no errors.

Guided by the article:

I have enabled the logs. Can someone help to find the problem ?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,409 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,060 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,332 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 44,046 Reputation points


    Thank you for your question and reaching out. I can understand you are having query\issues related to

    You Server or computer can lose Trust between AD DC due to some reasons below.

    1. Your computer account object has been removed from Active Directory
    2. Someone accidentally adds a computer with the same hostname to the domain;
    3. You computer local time is offset by more than 5 minutes from the authenticating domain controller;
    4. Your domain controllers are having replication problems
    5. Performing computer cloning or Restore from backup without running the Sysprep,
    6. Some other Admin may manually reset your computer’s domain account;


    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
    0 comments No comments

  2. Cedric NONOGNI 161 Reputation points

    Hi @Андрей Михалевский ,

    If I got your point, you have servers with trust relationships.

    If that is too often, I suggest you investigate either or all of the following:

    • network quality to the affected servers (it may comes from specific sub network, location...)
    • name services to confirm entry matches as expected
    • name conflict

    A ping to the affected server from the DC using both the IP address and the name for and extended period of time can be simple way of observation.

    If you encounter this on many servers, you better check on you deployment process if servers are correctly generalized and renamed before being joined to domain in a way they won’t cause any conflict.

    Hope this will be helpful.

    1 person found this answer helpful.
    0 comments No comments