Jump to content
Welcome to our new Citrix community!
  • 0

Trust relationship issue MCS dedicated machines

Rob Young1709151927


I have an issue with XD machines falling off the domain periodically.  We are currently using 7.15 ltsr and spin up dedicated MCS machines from a master image.  Periodically I will update the master image (security updates ect), snapshot it, and create a new catalog using the snapshot for new machines being deployed.


After a period of time, some of the machines will fall off the domain. (trust relationship broken)  Any idea what is causing this or a way that I can predict which are going to fall off so I can do something about it before it happens?


Thanks in Advance

Link to comment

6 answers to this question

Recommended Posts

  • 0

These are existing catalogs...so how we structure it is as follows: we have a delivery group (windows 10 std build) and we created a machine catalog from snapshot 1 of a base image and over a few months we will add machines to this catalog.  We will then perform updates on the base image (windows updates mainly) and create snapshot 2...we will then create a new machine catalog from this and going forward (for the next few months) we will create machines in this catalog. (and so on)


sometime down the road some of the machines from catalog 1 and 2 will lose the domain trust (like a machine pwd has changed)...could be a month...could be 3 months...and it doesnt happen to all of them.  So at this point I need to log on locally and rejoin to the domain.  I havent tracked to see if it re-occurs with the same machines or not.  I would just like to find a way that I can either fix this or proactively perform a repair before it happens.

Link to comment
  • 0

We have this issue very infrequently on our persistent VM's. I believe the persistent VM's still reset their AD accounts the same way the non persistent VMs do. That is due to the fact that there is still an identity disk attached to them, so the citrix pvs vmagent service is still responsible for resetting the AD account password.


I don't know what the root cause is, but I'm trying to get an exception for our group so that we can implement the setting listed by cleik59. It will definitely fix this issue :), however as to why it happens I'm not positive. We've seen probably 7-10 machines out of 500 do this in the last year so its infrequent but frustrating when it happens. 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...