Hi!
So we deployed windows 7 to a many remote locations where we have no local domain controller and they are connected to head quarter with a slow link, now a couple months later I have received a couple of cases where the computers looses its trust with the domain so when a user tries to login they get: "Trust Relationshitp between Workstation and Primary Domain failed"
On domain controller i see this event (4625):
An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: TheComputer$ Account Domain: TheDomain Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: TheComputer Source Network Address: 10.146.34.31 Source Port: 62728 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0
According to this site: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4625
The event id is saying that the computer is trying to login with wrong password:
0xC000006A | user name is correct but the password is wrong |
I have read through this blog post and the only thing I can imagine is that the secure channel have failed, for some reason?
Checking the password with powershell:
PS C:\Windows\system32> Get-ADComputer The Computer -Properties * |select *pass* AllowReversiblePasswordEncryption : False badPasswordTime : 0 CannotChangePassword : False LastBadPasswordAttempt : PasswordExpired : False PasswordLastSet : 2015-09-03 20:38:20 PasswordNeverExpires : False PasswordNotRequired : FalseAs you can see the password where reset recently.
Any ideas ? I don't want this to happen on all 400~ machines we have remote.
Thanks!