Fix the "trust relationship between this workstation and the primary domain failed" error without rejoining the domain

Reset the computer account password to fix the "the trust relationship between this workstation and the primary domain failed" error

The problem

The error means that the computer can no longer authenticate to its Active Directory domain: the machine account password stored locally (as an LSA secret) no longer matches the one stored for the computer object on the domain controllers. The usual trigger is the local copy being rolled back while the domain copy moved on, for example restoring the machine from a snapshot, backup or disk image taken before the machine password was rotated (by default every 30 days), cloning a joined machine, or resetting the computer account in AD. Network connectivity problems do not by themselves corrupt the secret; at most they delay replication of a freshly reset password to the other domain controllers.

The fix

The fix Microsoft recommends is to rejoin the domain to restore the trust relationship: leave the domain, reboot, join again, reboot, optionally after resetting or deleting and recreating the computer object in Active Directory. It works, but it is time consuming because it requires two reboots and a logon with a local administrator account on the affected machine.

The better fixes

1. Instead of rejoining the domain, reset the computer account password in place with the netdom.exe tool. It is part of the free Remote Server Administration Tools for Windows 7 or Remote Server Administration Tools for Windows 10 (on Windows Server it is installed with the AD DS tools). Log on with a local administrator account, since domain logons fail while the trust is broken, and run from an elevated command prompt:

netdom.exe resetpwd /s:dc-hostname.domain /ud:domainadminusername /pd:* (enter the domain administrator password when prompted)

The /s: value must be a writable domain controller; the new password is set there and the local secret is updated to match, so no reboot is needed.

2. Run the following from an elevated PowerShell prompt (it is a PowerShell cmdlet, not a cmd.exe command). -Credential is required because the computer can no longer authenticate as itself; supply a domain account that may reset computer passwords. The cmdlet returns True when the repair succeeded and False otherwise:

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

3. Run the following PowerShell command, again elevated; -Credential (Get-Credential) can be added to supply a domain account, and -Server should name a writable domain controller:

Reset-ComputerMachinePassword -Server dc-hostname.domain

Whichever fix is used, verify afterwards with Test-ComputerSecureChannel (expect True) or nltest /sc_verify:domain (expect a success status) before logging domain users back on.
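The three fixes above are individual commands; the following script is an added example, not part of the original post, that strings them together into the sequence a practitioner would actually run on the broken machine: confirm the symptom, try the in-place repair, fall back to a full machine password reset, then verify. The domain controller name dc01.corp.example.com and the domain corp.example.com are placeholders; replace them with your own.

```powershell
# Added example, not from the original post.
# Run in an elevated PowerShell session while logged on with a LOCAL administrator
# account, because domain logons fail while the trust is broken.
# Assumptions: 'dc01.corp.example.com' is a reachable, writable domain controller
# (placeholder name) and the account entered at the prompt is allowed to reset
# computer account passwords (for example a domain admin).
$dc = 'dc01.corp.example.com'

# 1. Confirm the symptom. $false means the local machine password no longer
#    matches the one stored on the domain controller.
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Host "Secure channel to $dc is healthy; nothing to repair."
    return
}

$cred = Get-Credential -Message 'Domain account allowed to reset the computer password'

# 2. First attempt: repair the secure channel in place. Returns $true on success.
$repaired = Test-ComputerSecureChannel -Server $dc -Credential $cred -Repair

# 3. Fallback: set a brand-new machine password on both the DC and the local LSA secret.
if (-not $repaired) {
    Write-Host 'Repair failed, resetting the machine account password instead.'
    Reset-ComputerMachinePassword -Server $dc -Credential $cred
}

# 4. Verify. Test-ComputerSecureChannel must now return $true, and nltest asks the
#    Netlogon service directly; it reports a success status when trust is restored.
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Host "Trust relationship with $domain restored via $dc."
} else {
    Write-Warning "Secure channel to $dc is still broken; check replication and the account used."
}
nltest "/sc_verify:$domain"
```

No reboot is required after either repair path, but domain users should log off and on again so that Kerberos tickets are obtained over the repaired channel. If the reset succeeds against one domain controller yet logons still fail against others, wait for replication or pick the domain controller the client is actually using (nltest /dsgetdc:domain shows it).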
