This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 33%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
A full disk backup image of win7 embedded was created by ghost after the machine joined AD 5 month ago
last week,the hard drive is broken,we restore the machine after replace the HD.
booting up is ok,but we can not login with the ad account.
error msg: lost trust relationship with domain controller.
after same research ,we believe its a machine password issue.
netdom is the right tool for reseting the machine password,but we can not find such command for win7 embedded.
where can i get this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
If you are admin of the Windows 7, you could try to reset the computer password using the nltest command:
Open a Command prompt using Admin rights
nltest /sc_reset:Domain\DC_Name
ex: for a domain called lab.net and a DC called DC01, the command will be:
nltest /sc_reset:lab\DC01
hth
thanks guys for replying
a manual rejoin is rejected by manager.
so, that leave me no choice.
I'm a little confused.
will win7 em rebuild the trust relationship automaticly if EWF/FBWF is disable?
or I still need something like netdom to repair the true relationship?
thanks again.
What is the managers reasoning? The problem is that the trust relationship has to be re-established since the private key is old.
Which filter is enabled in the image? FMWF or EWF?
netdom runs from the server side.
If you have a Microsoft sales contact that you work with. I suggest that you contact them to see if there is an alternative to fixing the AD trust relationship.
sorry for the delay.
the reason of no manual rejoing are:
I will do a test for NLTEST.
come back later.
thanks
Hello
Windows Embedded has a write lock/filter that might prevent this changes, check about it and how to diable here: https://learn.microsoft.com/en-us/previous-versions/windows/embedded/ff769914(v=winembedded.60)?redirectedfrom=MSDN
In the case of this version, I would strongly recommend to commit a manual rejoin to the domain
Best regards!
LT-2700 has a good idea. Please check to see if EWF (ewfmgr.exe) or FBWF (fbwfmgr.exe) are in the image. Disable them, and reconnect to the domain. Every 30 days a new domain secret key is generated since the current key is not in the back up image, you will have to re-establish links to the AD.
