Thanks for the video. I would recommend a different approach without removing the computer from the domain and then rejoin. 1. Log into the computer with local account with local administrator privileges (use the dot syntax to avoid same name as in domain .\LocalAdminAcc) 2. Open Powershell (I think it must be 3.0 or higher, not sure) with local admin privileges. 3. Type: "Test-ComputerSecureChannel -Repair -Credential Domain\user". You must enter the domain account with relevant rights. 4. When result of the command above is True, restart the computer and try to log in as normally. When it is False, try to run the command again and restart.
hey when ive "Test-ComputerSecureChannel -Repair -Credential Domain\user", it doesnt fix it, any idea where to go further ideas into repairing? group policy? ive turned off group policy and wiped all group policy from the machines and DC to see.
Nice Video Kev, quick question does this have any affect on a PC that is running Bitlocker? Does the bitlocker passcode change in AD or does it stay the same once it has rejoined the domain?
Nice video! Rejoining workstations in our enviroment is tricky because our computers are Hybrid joined with AAD. If we remove the computer from AD it also gets stuck in SCCM :/
@@KevtechITSupport it gives me so much troubles… I hate having to bug the admins about a PC stuck in AAD or SCCM but they won’t give us permissions to remove it from AAD or SCCM
Sometimes that works but not all the time. That's why I said in the video reset pc. If the pc listed there, you can reset it and that let's them login sometimes.
Can someone please help me with this question!thank you 😩 Your platform says I have to close my SSH port, but we use it for doing maintenance on our site. How can I get rid of the risk?
@@zzzzzz...9902 you can't do much like I said. You can only reset domain pc on active directory, reset pc, or create another local account on the pc using windows hiren boot cd if the company allows it.
Another way is just type 'pc name' in the search box. Click view pc name, and on the right click rename this PC (advanced). Less steps, a little faster.
![How to Setup a Domain Trust [Forest Trust] - Between Two Domains on Windows Server](/img/n.gif)
Thanks for the video.
I would recommend a different approach without removing the computer from the domain and then rejoin.
1. Log into the computer with local account with local administrator privileges (use the dot syntax to avoid same name as in domain .\LocalAdminAcc)
2. Open Powershell (I think it must be 3.0 or higher, not sure) with local admin privileges.
3. Type: "Test-ComputerSecureChannel -Repair -Credential Domain\user". You must enter the domain account with relevant rights.
4. When result of the command above is True, restart the computer and try to log in as normally. When it is False, try to run the command again and restart.
cool, thanks for sharing. I always welcome different methods. I try to make it as simple as possible for someone brand new starting out.
Nice method! I believe you will use the '-repair' option if your result is false.
I have facing this problem on multiple client computer. I have tested secure channel between my dc and client and result is true. So how to solve it?
hey when ive "Test-ComputerSecureChannel -Repair -Credential Domain\user", it doesnt fix it, any idea where to go further ideas into repairing? group policy? ive turned off group policy and wiped all group policy from the machines and DC to see.
@@TitoMPG Try to delete the Computer object in AD and create it manually. (Backup important data like BitLocker keys etc.)
Love it as usual, Short videos like these are so simple but so beneficial keep it up Kev!
Thanks
You looking real good using PowerShell - keep up the good work!
Thanks Pablo.
Extremely helpful video! Thank you so much for going slow and making sure you were clear with everything!
Thanks for the great information! Glad to have learned another PowerShell skill
Thanks Fred.
Nice Video Kev, quick question does this have any affect on a PC that is running Bitlocker?
Does the bitlocker passcode change in AD or does it stay the same once it has rejoined the domain?
Nice video! Rejoining workstations in our enviroment is tricky because our computers are Hybrid joined with AAD. If we remove the computer from AD it also gets stuck in SCCM :/
Thank you. Yea, it depends on the job environment. Sometimes you may have a sync issue with the domain controller. Hybrid can be both good and bad.
@@KevtechITSupport it gives me so much troubles… I hate having to bug the admins about a PC stuck in AAD or SCCM but they won’t give us permissions to remove it from AAD or SCCM
Yeah, it's like that with some companies unfortunately.
Hi Kev, love your staff,please let me know if you have done any videos on Radius installation and troubleshooting
Nope. Don't have anything on that
could all of this also be done directly from AD? Removing the PC there and rejoining him?
Sometimes that works but not all the time. That's why I said in the video reset pc. If the pc listed there, you can reset it and that let's them login sometimes.
@@KevtechITSupport thanks a lot, your videos are a goldmine for beginners in Helpdesk.
YOu could probably check to see if the computer is enabled in your ADUC and if its disabled re-enable.
Great Job!!! Thx
Thanks
Can someone please help me with this question!thank you 😩
Your platform says I have to close my SSH port, but we use it for doing maintenance on our site. How can I get rid of the risk?
Are you asking me or is this a question in your job? You need to talk to your manager and team.
@@KevtechITSupport no it’s for an interview assessment :/ I already have some answers just don’t want to submit it and I miss something
I have facing this problem on multiple client computer. How to solve it?
you should come to discord if you need help.
deploy a PS script with what deployment software your company uses.
What if the "smart" people who run the company you work for have decided they want to use a system that regularly changes the local admin password?
You can do that. Every company has their own way of doing things.
What if you don't have the local admin password and you use hybrid set up in your company?
You need to know the local admin password. Otherwise your pretty much stuck on rebuilding the pc.
@@KevtechITSupport What about the issue of security database on the server does not have a computer account for this workstation trust relationship?
@@zzzzzz...9902 you can't do much like I said. You can only reset domain pc on active directory, reset pc, or create another local account on the pc using windows hiren boot cd if the company allows it.
@@KevtechITSupport Oh there the same error essentially but different in wording, got it.
@@KevtechITSupport Thanks for the responses
👐👐👐
Thanks boss
Thanks as well.
Another way is just type 'pc name' in the search box. Click view pc name, and on the right click rename this PC (advanced). Less steps, a little faster.
I done that before in other videos. I'm trying to show folks new stuff. Thanks for sharing though. Since people are asking for powershell.
Thanks
Thank you too.
I usually solve this issue just by connecting the laptop to the ethernet cable and boom. Because i have physical access to user devices at my work.
This scenario is more for a laptop working remotely or a workstation in the office
I see this issue at least a couple times a month.
that ways is easy to do, what about if you do not have the administrator of the PC😂
You use hiren to change the password or get access to admin account.