none
This computer is unable to establish a trust relationship with the server.

    Question

  • More SBS2003 to SBS2011E migration issues.

    This is a windows XP machine with all available patches installed. It's been part of the domain since before the migration. My new server is named "Alpha" and I've successfully run the command "net time \\alpha /set /yes" to make sure that my time is synchronized with alpha.

    "Cannot connect this computer to the network. This computer is unable to establish a trust relationship with the server. Verify that the computer’s date and time are accurate and try again."

    The log declares:

    [6012] 110913.203731.9750: ClientSetup: Entering JoinNetworkTask.Run
    [6012] 110913.203731.9750: ClientSetup: Network Join Client to Server: ClientComputerName=JUPITER ServerName=ALPHA
    [6012] 110913.203731.9750: ClientSetup: Maximum amount of joined machines: 30
    [6012] 110913.203731.9750: ClientSetup: Current amount of joined machines: 4
    [6012] 110913.203731.9750: ClientSetup: Server already contains a computer joined with Client Machine Name
    [6012] 110913.203731.9750: ClientSetup: Network Join has been forced
    [6012] 110913.203731.9750: ClientSetup: Running Network Join
    [6012] 110913.203731.9750: ClientSetup: Call MachineIdentity.GetCert
    [6012] 110913.203749.1625: ClientSetup: JoinNetwork had errors: ErrorCatalog:InvaildCert ErrorCode:-1
    BaseException: Microsoft.WindowsServerSolutions.Devices.Identity.MachineIdentityException: MachineIdentityManager.GetCert ---> Microsoft.WindowsServerSolutions.Certificates.CertificatesException: InstallResponse
       at Microsoft.WindowsServerSolutions.Certificates.CertManaged.InstallResponse(String strResponse, CertificateEnrollmentContext context, InstallRestrictionFlags restrictions, EncodingFlags encoding)
       at Microsoft.WindowsServerSolutions.Devices.Identity.MachineIdentityManager.GetCert(String serverName, String userName, String password, Boolean bForce)
       --- End of inner exception stack trace ---
       at Microsoft.WindowsServerSolutions.Devices.Identity.MachineIdentityManager.GetCert(String serverName, String userName, String password, Boolean bForce)
       at Microsoft.WindowsServerSolutions.ClientSetup.ClientDeploy.JoinNetworkTask.Run(WizData data)
    [6012] 110913.203749.1625: ClientSetup: Exiting JoinNetworkTask.Run
    [6012] 110913.203749.1625: ClientSetup: Task with Id=ClientDeploy.JoinNetwork has TaskStatus=Failed
    [6012] 110913.203749.1625: ClientSetup: Task with Id=ClientDeploy.JoinNetwork has RebootStatus=NoReboot
    [6012] 110913.203749.1625: ClientSetup: Exting ConnectorWizardForm.RunTasks
    [5960] 110913.203749.1781: ClientSetup: JoinNetwork Tasks returned TaskStatus=Failed
    [5960] 110913.203830.1625: ClientSetup: Back from the Client Deployment Wizard
    [5960] 110913.203830.1625: ClientSetup: Saving Wizard Data
    [5960] 110913.203830.1625: ClientSetup: End of ClientDeploy: ErrorCode=1603
    
    

    I've not been able to figure out what the invalidcert issue is, or more importantly what I need to do to fix it.

    Wim.

     

    Wednesday, September 14, 2011 1:49 AM

Answers

  • I found this thread, which mentioned this article and was able to get the machine to join the dashboard properly. I added the local machine administrators group to the security permissions with full access on the C:\Documents and Settings\All Users\Application Data\Microsoft directory. "Everyone" already had access to that directory, but the change seemed to fix things along with the fact that I was logged in with a LOCAL machine administrator account to install the connect software.

    I've got the backup running for the first time now. When it completes I'll be a little bit more comfortable that the network is configured correctly.

    Friday, September 23, 2011 4:32 PM

All replies

  • I think looking at this - it may still prove to be a time issue.

    Can you confirm the time zone the server is in? It defaults to pacific.


    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk
    Tuesday, September 20, 2011 12:35 PM
    Moderator
  • Both machines are set to central time zone, and even if they weren't the "net time" command properly deals with the time zone issue when used to force synchronization.

    Still trying to figure out the issue with this machine. 

    Friday, September 23, 2011 4:29 AM
  • I found this thread, which mentioned this article and was able to get the machine to join the dashboard properly. I added the local machine administrators group to the security permissions with full access on the C:\Documents and Settings\All Users\Application Data\Microsoft directory. "Everyone" already had access to that directory, but the change seemed to fix things along with the fact that I was logged in with a LOCAL machine administrator account to install the connect software.

    I've got the backup running for the first time now. When it completes I'll be a little bit more comfortable that the network is configured correctly.

    Friday, September 23, 2011 4:32 PM