Skip to main content

How to fix Trust Relationship issue in Windows (without System Reboot)

 

Hello Readers, today we are going to learn how to Fix trust relationship issue between the workstation and the domain. But before jumping into the solution, we need to learn the concept of Secure channel.

What is a Secure Channel ?

Before understanding the trust relationship issue, you will need to know what is a Secure channel
  1. Whenever you add a computer or client machine to an Active Directory domain, your computer account gets created in Active Directory.
  2. Secure Channel helps to make the communication between the client machine and DC (Domain Controller), Example : Replicating Group Policies.
  3. Always remember in a Secure channel the computer authentication takes place and not the User Authentication
  4. So for this Authentication Password is required. Once computer is joined to the domain a password for authentication is proposed to the Active Directory
  5. By Default, Computer account password change is initiated by the client computer in every 30 days. This can be modified in Group Policy settings.
  6. NETLOGON Service is responsible for establishing the secure channel.

Why Trust Relationship issues occurs ?

Trust relationship issue occurs when the secure channel is not getting established between the Client computer and the Domain Controller. This can happen if the last recorded password in Active Directory doesn't match with the Local client computer password. 

By default there is no way to know what is the password. Only thing in your hand is to reset or re-establish the secure channel.

Examples when this can occur  :

1. You have reset your computer recently
2. You are trying to build new server from an OS Image which was joined to a domain previously
3. Rebuilding VM Files (.avhdx)
4. NetLogon service is not working properly

Ways to Fix Trust Relationship issue without doing reboot ?

Usually the below step also fixes this issue but only disadvantage is it requires system reboot.

Computer Properties > Add the computer to Workgroup > Reboot the system > and then Join the the computer back to the domain.

So the question arises how to fix this issue without doing System Reboot?

Step 1 ) Using Reset-ComputerMachinePassword

Reset-ComputerMachinePassword -Server "DC01" -Credential "<DomainAdminCreds>"

This command will only work on PowerShell 4.0 and 5.0 

Step 2 ) Using Test-ComputerSecureChannel

Test-ComputerSecureChannel -Repair -Credential "<DomainAdminCreds>"


Step 3 ) Reset Computer on ADUC

  • Login to Domain Controller
  • Open Active Directory Users and Computers (dsa.msc)
  • Search for the ComputerName and then Right click on it and then Reset.


Happy Learning!

Comments

Popular posts from this blog

Fast Proxy List with their Ports

TESTED : 115.248.206.187     Port 8080  INDIA 65.49.73.192           Port 8080  USA 50.22.206.179         Port 8080   USA 149.6.5.2                  Port 8080   USA 72.64.146.136         Port 8080   USA 64.37.63.106            Port 8080   USA 118.91.234.81           Port 8080  INDIA 125.16.69.114           Port 8080  INDIA 115.252.111.214       Port 8080  INDIA 114.143.12.28           Port 8080  INDIA 27.124.48.34             Port 8080  INDIA ANONYMOUS US PROXY SERVER : 12.235.183.190:443 12.68.37.35:8080 128.2.211.115:3127 129.105.15.38:3124 130.245.191.59:3124 130.245.191.59:3128 130.245.191.60:3128 131.247.2.247:3127 131.247.2.247:3128 146.57.249.98:3128 166.122.68.249:8080 170.140.119.69:3127 173.14.5.140:80 173.15.162.73:80 173.19.200.137:8080 173.203.109.119:80 173.203.206.233:80 173.203.215.116:80 174.51.152.145:29005 184.106.129.168:8081 184.106.228.14:80 184.72.36.101:80 184.73.34.31:80 199.26.254.66:3128 199.3.183.160:80 199.3.183.160:

How to hack VP-ASP Shopping websites and get all the Database details

Hello Friends, Today we are going to learn how to hack VP-ASP cart of a Shopping website and download all their Database details like Customer details, Credit card details, Product details etc. So some basic idea before starting the Tutorial,  What we are going to do here? Firstly we will hack a shopadmin website then we will download the database file which will be in the form of *.mdb. This database file contains all the client details like credit card information and also login name and passwords. How to do this ? Note : This tutorial is tested on "VP-ASP Shopping Cart Version:5.00" Step 1 : First thing to do is to find VP-ASP 5.00 Sites, to do this -> Go to Google.com -> Type "VP-ASP Shopping Cart 5.00"[ Without Quotes ] . See the image for reference  Step 2 : In this tutorial, we are going to target www.surfstats.com  You can also select your website which is having "shopdisplaycategories.asp","sho

Windows Services Startup Type Explained

Hi Geeks, Today I was working on a Service related script so thought of sharing some useful information related to Services Startup Type which most of the people knows but doesn’t know about the functionality. So lets begin. What are Windows Services and what they do ? Windows Services are the components or applications that starts when your computer is booted up and runs in the background mode helping the application to work smoothly and finally stops when the computer shuts down. For Example, If you want to send or receive any Fax, then the Fax service should be running in the background to perform the Fax activity. How many Service Startup Types are there and what they do ? There are 4 Service Startup Types available : 1. Automatic Explanation : Automatic Service Startup Type starts the service automatically when the system boot up is done. So if we are having a machine of less memory and there are lots of services in Automatic Startup type then your mac

How to see remote changes before doing Git Pull

Before going through the steps, lets first understand what is the purpose of GIT Pull ? In simple terms, GIT PULL is a GIT Command which access the Remote repository and checks which all files were modified or created and is different from the local repository. Once it finds that info, it downloads those file to your local repository.  Technically speaking, GIT Pull runs 2 commands i.e GIT Fetch and GIT Merge in background. GIT Fetch downloads the latest change to the local repository while GIT Merge merges the remote content refs and heads to new local merge commit. so you can say the below is same : GIT Pull <remote> -or- GIT Fetch <remote> GIT Merge origin/master So lets begin with the steps on how to see the remote (origin/master) changes before doing Git Pull :  Git fetch origin Git log master..origin/master Git diff master..origin/master Git pull / Git merge origin/master Happy Leaning! How to get started with GIT in Windows : Check out here

Powershell Tip : How to find the disk type of your System ( HDD or SSD )

Hi Friends😀 Today we are going to learn how to find the disk type of your system i.e. whether it is SSD ( Solid State Drive ) or HDD ( Hard Disk Drive ). Powershell has a cmdlet which helps to achieve the same :  Get-PhysicalDisk Get-PhysicalDisk | Select FriendlyName , MediaType , Size

Hacking Facebook or any Email Account using IP Tab napping Method

Hi guyz, Today we r going to learn how to hack any Facebook or Email accounts using IP Tabnapping method. IP Tabnapping is similar to "Phishing technique" but here instead of using a web hosting site we will use own system IP address to get he email id and password. So for this you will require : 1. BackTrack OS ( We are using Backtrack5 R2 version, download it frm  www.backtrack-linux.org ) 2. Some social engineering tricks + Brain (most important thing) okay so lets begin : Step 1 : Open Backtrack, Click on  Applications  >  BackTrack  >  Exploiting Tools  >  Social Engineering Tools  >  Social Engineering Toolkit  >  Set Step 2 :  Now u are in the set console, you can see several options there like Social Engineering attack, Fast track penetration testing etc. Just type 1 and press Enter . This will open " Social Engineering attack ".  Step 3 : Now another window will appear Just type "2" i.e.  Website Attack Vectors  .