#208490 - 2014-02-04 07:34 PM Windows 7 Trust Relationship issues
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Does anyone have any idea why Windows 7 seems to be prone to the "trust relationship" issue? In about 10 years of looking after Windows XP, I must have fixed that problem a dozen times in 10 years. Whereas with Windows 7, I seem to be fixing this a dozen times a year at random clients. There is no rhyme or reason. The laptop will work perfectly today and will come up with a trust relationship problem the following day. It happens at all my clients and it was worse pre Service Pack 1. But all of them are now on Service Pack 1 and I still randomly get this problem.

Does anyone have any ideas why Windows 7 is so prone to this, as this very rarely happened on Windows XP?

#208491 - 2014-02-04 07:39 PM Re: Windows 7 Trust Relationship issues [Re: Robdutoit]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4563
Loc: USA
Do you mean like the user can't log in and you have to reconnect the PC to the domain? I've seen this a handful of times over the years, and if memory serves me, it was always tied to a problem with their DNS settings.
#208492 - 2014-02-04 07:48 PM Re: Windows 7 Trust Relationship issues [Re: Allen]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Yes, I have to log in with a cached account or local account, remove from the domain and then rejoin again. The laptops are set to use DHCP, so should never have issues as they are pointing to the server.

I know what you mean, because there was a case recently where a PC was set using the wrong server and it was taking forever to log in and I could not rejoin the domain until I fixed the DNS issues.

No, the trust relationship issue seems to have more to do with computer authentication than with DNS.

#208493 - 2014-02-04 08:15 PM Re: Windows 7 Trust Relationship issues [Re: Robdutoit]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
imo, it has to do with start up repair. every now and then there is a long lasting power outage or a lot of spikes or some other reason that breaks the start up sequence and Windows 7 PCs run into the start up repair. At some point it asks the user do they want to restore, user clicks on yes and trust is broken.

Every time so far when I have remembered to ask the user, they admit to clicking yes to repairing something during start up.
_________________________
!

download KiXnet

#208494 - 2014-02-04 09:36 PM Re: Windows 7 Trust Relationship issues [Re: Lonkero]
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4563
Loc: USA
Lonk, may very well be on the right path... they introduced that stupid mechanism to do a startup repair on Win7, I have had that happen to me a number of times as well, but it didn't usually go back as far as to remove it from the domain...

Here is the commandline I used to remove that crap...

 Code:
bcdedit /set {default} bootstatuspolicy ignoreallfailures 

#208495 - 2014-02-04 10:17 PM Re: Windows 7 Trust Relationship issues [Re: Allen]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Others seem to agree

Based on multiple posts in this topic it would seem that a system repair to a previous time is the "most common" reason for this.
As such it is recommended to enable the following settings for Windows 7

From a command prompt you can run

 Code:
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures



If it works out for you then you could use a Startup Script to enable that on all computers in the Domain if wanted.

From the Ask the Directory Services Team

Machine Account Password Process
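
One way to write the startup script suggested above, as an added example that is not part of the original post. It assumes the script runs elevated (computer startup scripts run as SYSTEM) and that `bcdedit` prints element names and values in English; if the parse does not match, the value is simply set again.

```powershell
# Added example: apply the two boot settings quoted above only when they differ.
# Remove the bootstatuspolicy entry to change recoveryenabled alone.
$desired = @{
    recoveryenabled  = 'No'
    bootstatuspolicy = 'IgnoreAllFailures'
}

# In PowerShell the braces must be quoted, otherwise {default} is parsed
# as a script block and bcdedit receives the wrong argument.
$current = & bcdedit.exe /enum '{default}'
if ($LASTEXITCODE -ne 0) {
    throw "bcdedit /enum failed with exit code $LASTEXITCODE"
}

foreach ($name in $desired.Keys) {
    $want = $desired[$name]

    # bcdedit prints one "name   value" pair per line; an element that has
    # never been set is absent from the listing.
    $line = $current | Where-Object { $_ -match "^$name\s+\S+" } | Select-Object -First 1
    $have = if ($line -and $line -match "^$name\s+(\S+)") { $Matches[1] } else { '(not set)' }

    if ($have -ieq $want) {
        Write-Output "$name is already $have"
        continue
    }

    & bcdedit.exe /set '{default}' $name $want | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not set $name (bcdedit exit code $LASTEXITCODE)"
    } else {
        Write-Output "$name changed from $have to $want"
    }
}
```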

#208496 - 2014-02-04 11:09 PM Re: Windows 7 Trust Relationship issues [Re: NTDOC]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
I would never have thought of the startup repair as being the cause!! Although it makes perfect sense. Having said that, I have noticed that the problem occurs almost exclusively on laptops - but this might be battery goes dead type thing!

I will ask the young lady what she was doing with her laptop over the weekend and I will see.

Shall I ask another question which I have never been able to resolve?

For some reason on Korg, I have to log in twice and log out twice as it doesn't log in the first time and I am still logged in after I have logged out the first time. I can't remember who said it, but somebody else mentioned having the exact same problem on Korg and it appears to be a profile issue. Anybody have any update on that problem, as it's not the end of the world to have to log in twice, but it's annoying.

I will get back to you about the startup repair being the cause. I don't know why I never thought of that as it makes perfect sense when you think of it.


Edited by Robdutoit (2014-02-04 11:12 PM)

#208497 - 2014-02-05 12:41 AM Re: Windows 7 Trust Relationship issues [Re: Allen]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
 Originally Posted By: Allen
Lonk, may very well be on the right path... they introduced that stupid mechanism to do a startup repair on Win7, I have had that happen to me a number of times as well, but it didn't usually go back as far as to remove it from the domain...
Here is the commandline I used to remove that crap...
 Code:
bcdedit /set {default} bootstatuspolicy ignoreallfailures


it does not have to "remove" the computer from domain. all it needs is to be able to roll back to a time where the computer account password is older than the one stored on the DC.
one time this happened to me in a computer lab with a lady clicking yes on all computers on the restore question :) half of them needed to be removed and brought back to domain. that forced the reason to stick in my head... never thought to think about a simple fix... need to try that bcdedit tweak.
_________________________
!

download KiXnet
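
A check for the condition described in the post above, as an added example that is not part of the original thread. It assumes an elevated session on the affected workstation; the `-Repair` and `-Credential` script parameters are names chosen for this example, and passing a credential to `Test-ComputerSecureChannel` requires PowerShell 3.0 or later.

```powershell
# Added example: verify the machine account secure channel and, optionally,
# repair it in place.
param(
    [switch]$Repair,                                         # attempt a repair
    [System.Management.Automation.PSCredential]$Credential   # account allowed to reset the computer account
)

$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "$($cs.Name) is not domain joined; nothing to check."
    return
}

# Returns False whenever the channel cannot be verified. That covers a
# machine account password mismatch and also an unreachable domain
# controller, so rule out network and DNS problems before acting on it.
$healthy = Test-ComputerSecureChannel
Write-Output "Secure channel to $($cs.Domain) healthy: $healthy"

if (-not $healthy) {
    # Status text of the most recent System Restore operation, to compare
    # the rollback explanation from the thread against this machine.
    try {
        $status = Get-ComputerRestorePoint -LastStatus -ErrorAction Stop
        Write-Output "Last restore status: $status"
    } catch {
        Write-Output "Restore status unavailable: $($_.Exception.Message)"
    }

    if ($Repair -and $Credential) {
        # Resets the machine account password against the domain.
        $fixed = Test-ComputerSecureChannel -Repair -Credential $Credential
        Write-Output "Repair succeeded: $fixed"
    }
}
```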

#208503 - 2014-02-05 12:48 PM Re: Windows 7 Trust Relationship issues [Re: Lonkero]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4401
Loc: New Jersey
Well there's a setting that will be added to the next workstation gold image... :D

Glenn
_________________________
Actually I am a Rocket Scientist! :D

#208504 - 2014-02-05 01:03 PM Re: Windows 7 Trust Relationship issues [Re: Glenn Barnas]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
In a domain environment you should disable this through GPO anyway.
But if you really want to do it through bcdedit, then be a little safer and use
 Code:
bcdedit /set {default} recoveryenabled no
instead of ignoring all failures.

#208505 - 2014-02-05 03:13 PM Re: Windows 7 Trust Relationship issues [Re: Arend_]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
arend, that gpo disables the configuration, not any of what we are talking about here.
_________________________
!

download KiXnet

#208517 - 2014-02-05 09:58 PM Re: Windows 7 Trust Relationship issues [Re: Lonkero]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Tell me Glenn, are the patches that you put in your next workstation gold image named after the person who found the solution, or who found the problem lol?

Sadly, the teacher doesn't know whether there was a startup recovery because the teacher assistant put the laptop on in the morning. I know that teacher assistants usually deny all charges, therefore it's no point bothering to ask!

Anyhows I will look at the bcdedit issue and see what each setting actually sets. I agree with Arend that it doesn't make sense to ignore failures.

#208523 - 2014-02-06 05:02 AM Re: Windows 7 Trust Relationship issues [Re: Robdutoit]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Actually Arend and Rob for my usage I do want to ignore ALL errors. One can easily manually run a fix if or when needed - I do not need the system to do it automatically.

I have systems with no keyboard or mouse or touch screen and when or if something happens I don't want Windows trying to auto fix it. In most cases a simple reboot and go back to "Normal" will be just fine and no auto repair is needed.


BCDEdit Options Reference
http://msdn.microsoft.com/en-us/library/windows/hardware/ff542205%28v=vs.85%29.aspx

#208524 - 2014-02-06 09:22 AM Re: Windows 7 Trust Relationship issues [Re: Lonkero]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
 Originally Posted By: Lonkero
arend, that gpo disables the configuration, not any of what we are talking about here.


If that policy disables the config from the start, and you deploy Windows in your network, it never has a restore point, so you never GET the problem that is discussed here.
And this way you don't have to modify anything in your deployment image.

Think McFly, Think! ;)

#208525 - 2014-02-06 09:24 AM Re: Windows 7 Trust Relationship issues [Re: NTDOC]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
 Originally Posted By: NTDOC
Actually Arend and Rob for my usage I do want to ignore ALL errors. One can easily manually run a fix if or when needed - I do not need the system to do it automatically.

I have systems with no keyboard or mouse or touch screen and when or if something happens I don't want Windows trying to auto fix it. In most cases a simple reboot and go back to "Normal" will be just fine and no auto repair is needed.


BCDEdit Options Reference
http://msdn.microsoft.com/en-us/library/windows/hardware/ff542205%28v=vs.85%29.aspx


I understand, but I'd rather have all my options instead of infinite boot loops when something is wrong with the hardware.

#208527 - 2014-02-06 02:55 PM Re: Windows 7 Trust Relationship issues [Re: Arend_]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
and that's why we disable automatic reboot on bluescreen :)

disabling system restore completely I have not really thought about. I have to admit, its functionality is rarely needed.
_________________________
!

download KiXnet

#208538 - 2014-02-06 10:39 PM Re: Windows 7 Trust Relationship issues [Re: Lonkero]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Disagree on the disabling of System Restore. I've found it quite helpful at times but again the issue is having it do it on its own. Not having a System Restore in a pinch can also be annoying.

Not a set rule here Arend - to each his/her own how they would rather manage systems. Even with hundreds of systems it's not like a boot error crops up very often and if it does I want to know about it so I can review that system to see why.

#208542 - 2014-02-07 09:38 AM Re: Windows 7 Trust Relationship issues [Re: NTDOC]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
 Originally Posted By: NTDOC
Disagree on the disabling of System Restore. I've found it quite helpful at times but again the issue is having it do it on its own. Not having a System Restore in a pinch can also be annoying.

Not a set rule here Arend - to each his/her own how they would rather manage systems. Even with hundreds of systems it's not like a boot error crops up very often and if it does I want to know about it so I can review that system to see why.

True, however I have a policy for the companies I've managed over the years that if I can't fix the problem in 15 minutes (and it's not a hardware issue) I press F12 and walk away.
The PC will be reinstalled and done with everything that user needs in 15-20 minutes.

#208543 - 2014-02-07 12:20 PM Re: Windows 7 Trust Relationship issues [Re: Arend_]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 687
Loc: Maryland, USA
That is my basic philosophy. All of the developer code is in subversion. Critical servers I rsync to a backup. So, if something goes wrong that can't be deciphered quickly, I just re-image and we're good to go in about 15-20 minutes. :)
#208547 - 2014-02-07 05:28 PM Re: Windows 7 Trust Relationship issues [Re: BradV]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
well... I do admit I like to re-image stuff as well.
but I do want to see what caused the issue in the first place.
so, I usually take good 30 mins to investigate. and I do not have to press F12 as network boot is the default :P
_________________________
!

download KiXnet
