mpsliva
1 Copper

Losing trust relationship with domain

Losing trust relationship with domain

Hello

I have about 30 C90LE7's deployed in my environment joined to the domain. Citrix Desktop Lock is installed so when a domain user logs in, they are presented with a Citrix XenApp Desktop, and not the WES7 desktop.

If a thin client is rebooted or off the network for 30 days, the next time a user attemps to log in they are presented with a domain trust relationship error. What is happening is the WES7 thin client is requesting a machine account password change with the domain controller and the thin client does not retain the password after a reboot. From everything I've read in the Wyse Knowledge Base and else where, the RegFilter in WES7 should automatically retain the password. I'm using C90LE7 image BCB0_0827_4096.

Anyone else experience this problem?

Tags (1)
0 Kudos
20 Replies
nitehawk-2015
1 Copper

RE: Losing trust relationship with domain

This is concerning. I read the same technote and i also did some digging in the registry under the regfiler section. It does have a section for the mac account allowed through the regfilter.

Did you have to modify the reg filter to overcome this?

Tags (1)
0 Kudos
jacobwalker
1 Copper

RE: Losing trust relationship with domain

 Originally Posted by mpsliva 

Hello

I have about 30 C90LE7's deployed in my environment joined to the domain. Citrix Desktop Lock is installed so when a domain user logs in, they are presented with a Citrix XenApp Desktop, and not the WES7 desktop.

If a thin client is rebooted or off the network for 30 days, the next time a user attemps to log in they are presented with a domain trust relationship error. What is happening is the WES7 thin client is requesting a machine account password change with the domain controller and the thin client does not retain the password after a reboot. From everything I've read in the Wyse Knowledge Base and else where, the RegFilter in WES7 should automatically retain the password. I'm using C90LE7 image BCB0_0827_4096. 

Anyone else experience this problem?

 

I have experienced something similar to this after a power outage. The trust relationship on several Z90 w/ WES7 is broken and I have to rejoin them to the domain. A huge pain. If anyone has any suggestions, I would also like to know.

Tags (1)
0 Kudos
schrempp
1 Copper

RE: Losing trust relationship with domain

I’m also seeing the same thing on Z90D7’s after a power outage, glad it's not just me. 2 out of 30 had it happen last time, don’t know what the rhyme or reason for it is. I may open a support case, but I’ve been pretty disappointed in support lately. Anything somewhat complicated seems to become an unsolved mystery that no one ever contacts me back on.

Tags (1)
0 Kudos
pcomm-tech
1 Copper

RE: Losing trust relationship with domain

We had a similar issue when first rolling out 60 C90LE7 thin clients. After 30 to 45 days of use in the domain, the trust relationship would break. Found an alternate method of having users login, but still interested in an actual resolution.

Tags (1)
0 Kudos
schrempp
1 Copper

RE: Losing trust relationship with domain

Don't suppose anyone has gotten anywhere with this? I still have z90's that randomly lose their trust. Sometimes after a power failure, sometimes not. Very frustrating and tech support so far hasn't been any help.

Tags (1)
0 Kudos
DaFishe
2 Bronze

RE: Losing trust relationship with domain

here is a Microsoft article on how to disable the automatic machine account password change.
http://support.microsoft.com/.../154501

Tags (1)
0 Kudos
nitehawk-2015
1 Copper

RE: Losing trust relationship with domain

Did anyone ever find out why this was occuring?

Tags (1)
0 Kudos
DSHUE-2015
1 Copper

RE: Losing trust relationship with domain

bump! any updates?

Tags (1)
0 Kudos
mpsliva
1 Copper

RE: Losing trust relationship with domain

 Originally Posted by DSHUE 

bump! any updates?

 

Ultimately, I created a GPO that disabled the machine password change. RegFiltering did not work for me. I haven't had to rejoin a C90LE7 to the domain since I created the GPO.

Tags (1)
0 Kudos