Losing Trust Relationship on multiple desktops at mutiple client sites CRAZY!!


  • The craziest thing is happening to some of our clients, I had to setup a new user on a windows 7 machine so I go to user accounts and add the user, when I pick administrator for the permissions I get "the trust relationship between the workstation and the primary domain
    failed" happens no matter what permssion you pick so I put it in a workgroup and added it back to domain no problem, fixed.  Well it happened again at a different site with a xp machine, same exact thing and now its happened again at a totally different site !!  The events I see in the event viewer that are the same on all machines are

    Event ID 7 the kerberos subsystem encountered a PAC verification failure and

    Event ID 1030 windows can not query for the list of group policy objects and

    Event ID 1097 windows can not find the machine account.

    I have about 250 managed desktops and I just logged into about 30 of them at different sites, some are xp and some are windows 7 also some are connected to sbs 2003 and some are sbs 2007 and when I go to event viewer about 10 of these machines have these errors and if I try to add a user I get the trust error!! Note machines work fine with current users on them.

    I searched and did not find anything online about this, Is there some update that is causing this?  I could see if this was just one server but this is happening on multiple servers at different sites.

    Thanks for any help, this is so crazy!


    Sbs 2003 I will miss you !!!!

    Mittwoch, 6. Juni 2012 20:43


Alle Antworten

  • You need to check the time sync and dns server health on the servers.

    Robert Pearman SBS MVP (2011) | |

    Donnerstag, 7. Juni 2012 08:59
  • What is the best way to do that?  I have Ran DCDiag tool to check DC''s health and it looks good.

    Sbs 2003 I will miss you !!!!

    Donnerstag, 7. Juni 2012 12:45
  • Is the time in sync between the server and the clients?

    Robert Pearman SBS MVP (2011) | |

    Donnerstag, 7. Juni 2012 16:18
  • are these virtual machines that get reset every so often?
    Freitag, 8. Juni 2012 19:01
  • or perhaps, laptops that get turned off for extended periods of time? Desktops that lose network connection for a while?
    Samstag, 9. Juni 2012 23:46
  • You may also want to have a look at the IP configuration of the Client Mahines.

    And also wanted to check if this happens on a SBS2011 network or a SBS2008 network.

    Sonntag, 10. Juni 2012 01:26
  • Hi,

    Make sure that the workstations are pointing to local DNS server IP as preferred DNS in NIC, you need to disjoin the workstation from domain, delete computer account from ADUC and rejoin problem workstation again to domain.

    Also try below hotfix:


    Arthur Li

    TechNet Community Support

    Montag, 11. Juni 2012 02:31
  • everything is correct, dns is right, time is right.

     just happened again on a win7 machine at a differnet company!  and now I can not login because local administrator is disable.    I will let you know if I figure this out.

    Sbs 2003 I will miss you !!!!

    Dienstag, 19. Juni 2012 15:20