Trust relationship between this Workstation and the primary domain failed


Sometimes a trust error occurs between a workstation or a server and the domain. It means the computer could not establish a secure channel to a domain controller, or the domain controller rejected it. You usually notice it when trying to log in to the computer, over Remote Desktop or at the console: the logon with a domain user account fails, while logon with a local user account still works.

When the domain trust fails on a workstation, the fastest fix is to remove the computer from the domain and then rejoin it. Joining the domain again restores the trust between the domain controller and the workstation.

If this happens on a server, it is not that simple. On a server we do not want to rejoin the domain or delete the computer account in AD, because we do not want to change the SID.
A changed SID can cause the services running on that server, or its connections to databases, to fail. Resetting the computer account password in Active Directory will not help either. The same applied to the PowerShell commands in my case.

PowerShell

Reset-ComputerMachinePassword -Server <DC name> -Credential <domain\admin>

Test-ComputerSecureChannel -Repair -Server <DC name> -Credential <domain\admin>

Netdom command

The good old netdom command in cmd helped me (do not forget to run it as an administrator): netdom resetpwd /s:<DC name> /ud:<domain>\<admin> /pd:"password"

Then you have to restart the Windows server, and you can finally log back in to the server as a domain user.
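The procedure above, as an added example that is not from the original post: an elevated PowerShell script, run while logged on with a local administrator account on the affected server, that checks the secure channel, tries the in-place PowerShell repair first, and falls back to netdom resetpwd so the computer account and its SID are never touched. The domain controller name and admin account are placeholders.

```powershell
# Added example (not from the original post). Run as a LOCAL administrator in an
# elevated PowerShell session on the server whose domain trust has failed.
# Assumptions: DC01.corp.example and CORP\admin are placeholders for your DC and account.
param(
    [string]$DomainController = 'DC01.corp.example',   # placeholder
    [string]$DomainAdmin      = 'CORP\admin'            # placeholder
)

# Domain name taken from the machine itself: $env:USERDNSDOMAIN is empty for a local logon.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain

# Step 1: is the secure channel to the domain actually broken?
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Host "Secure channel to $domain is healthy; nothing to repair."
    return
}
Write-Warning "Secure channel to $domain is broken; repairing without rejoining the domain."

$cred = Get-Credential -UserName $DomainAdmin -Message 'Domain admin credentials'

# Step 2: PowerShell repair path. Both cmdlets reset the machine account password in
# place, so the computer object in AD (and therefore its SID) is left untouched.
Test-ComputerSecureChannel -Repair -Server $DomainController -Credential $cred | Out-Null
if (-not (Test-ComputerSecureChannel -Server $DomainController)) {
    try   { Reset-ComputerMachinePassword -Server $DomainController -Credential $cred }
    catch { Write-Warning "Reset-ComputerMachinePassword failed: $_" }
}

# Step 3: fall back to netdom, which is what worked in the post. /pd:* prompts for
# the password so it does not end up in the command history.
if (-not (Test-ComputerSecureChannel -Server $DomainController)) {
    & netdom.exe resetpwd "/s:$DomainController" "/ud:$DomainAdmin" /pd:*
}

# Step 4: verify from the Netlogon side as well, then report.
& nltest.exe "/sc_verify:$domain"
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Host "Secure channel repaired. Reboot the server, then log on with a domain account."
} else {
    Write-Warning "Secure channel still broken. Check the System log (source NETLOGON) before considering a domain rejoin."
}
```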

Saša

Works as a system engineer at a Slovenian enterprise in a Microsoft environment, focusing on security, deployments, SharePoint, SCCM and CheckPoint firewalls. Author of a successful blog about IT security, Microsoft tips & tricks, social media and internet trends.
