Active Directory Trust Issues
In one of our computer classrooms (VMH 2203), we have deployed Windows 7 computers with Active Directory. The reason I decided to put Windows 7 in that room is that those were brand new computers and I couldn’t get XP working on those machines for some reason. It was so long ago that I think it may have been driver issues. I also had to have those computers authenticate using Active Directory instead of Novell because I couldn’t figure out how to get the UMD Gina to run on Windows 7 in a short period of time (1 week to get an image working for that lab). That was our first public deployment of Windows 7 with Active Directory authentication.
It worked great until probably December when one of the computers started getting trust issues. I spent 2 weeks removing that computer from the domain and rejoining it and nothing would work. It was horrible troubleshooting the issue because it was only doing it on 1 computer. If it was an image issue, it would have happened on all the computers in that room. The worst part was that I couldn’t troubleshoot until there were no classes in there which meant Monday – Thursday after 5pm or all day Friday. I eventually gave up on it and decided to come back to it at a later time as I had to start working on the new Citrix portal. There was 1 other report that another computer was having the same issue in that room. So as of Winter term, only 2 computers were not able to log in.
Two days ago, I decided to approach this problem again, thinking that maybe there was some hotfix that I needed to install, and there was! The hotfix required me to replace a file on the vDisk image that the desktops were using. After I did that, I went back into that room, removed the computer from AD again, and rejoined it. It failed :-(. I sat there thinking about what else could be the issue and decided to just log into all 20 computers in that classroom to make sure the rest worked. OMG! I found 5 more computers with the same trust issue! How long were these extra 5 computers down? Did no one report the issue during the semester or did it JUST break after the Spring semester was over?
I went back to my office to do more research and there was a forum post about adding a certain item to the Group Policy. I also started fiddling with the Provisioning Console and found a feature to delete a computer account and add a computer account to the domain. So I decided to make the changes to the Group Policy that the forum post said I should make, delete the computers that were having the issue via the Citrix Provisioning Console (instead of through the AD server), and then add those computers back and cross my fingers. And it WORKS!
So the moral of the story is – I hate Windows!