TransWikia.com

Repeated error "The trust relationship between this workstation and the primary domain failed."

Super User Asked by SideMeatOn on November 2, 2020

I have a user whose laptop keeps throwing up the "The trust relationship between this workstation and the primary domain failed" error message every time she unplugs it from the Ethernet. Also sometimes when she doesn’t. We’ve fixed it a couple of times by disconnecting from the domain and reconnecting, but it keeps happening. Through some combination of unplugging the Ethernet and restarting the computer, it will usually fix itself. Any ideas of what’s happening?

2 Answers

  1. Verify user is on correct internal NTP server(s). This causes many such issues.

  2. Run command NBTSTAT -RR

  3. Remove from domain, delete from AD if orphaned in AD, confirm no duplicates or orphans exist and that no DNS or DHCP leases are present.

  4. Reboot and rejoin to domain

  5. Run all updates on client and if possible on all Domain Controllers as well

Good luck.

Answered by Danny Cox on November 2, 2020

Without further information, the error is an indication of an issue with synchronization of the machine account password in Active Directory.

There are some good tips in this thread: SuperUser - Trust Relationship Failing.

The quickest validation is to ensure your time is being synchronized appropriately in Active Directory, and on the client computer.

If we have only one domain:

  1. PDC emulator with FSMO roles synchronizes its time with an external NTP time server (could be clock device, a router, another standalone server, an internet time server…).
  2. DCs synchronize their time with PDC emulator.
  3. All member servers and workstations synchronize their time with any domain controller.

Microsoft TechNet

If the time is OK, you can try to reset the machine account with the following line in PowerShell. Replace PSCredential with a Domain Admin account, and String with a Domain Controller. You can also perform this by going to the machine account in Active Directory Users and Computers, right-clicking the computer name, and hitting Reset Account.

    # The syntax
    Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

    # An example (domain\user form; PowerShell prompts for the password)
    Reset-ComputerMachinePassword -Credential domain.local\admin -Server DC01

Noel Alvarez

You should be required to rejoin the computer to the domain after performing the reset.

If none of those methods work, you can try to completely remove existence of that computer on the domain before rejoining it:

  1. Unjoin the computer from the domain
  2. Remove the machine account from Users and Computers
  3. Rejoin the computer to the domain

Make sure to go through the proper reboots after each step on the client. If you have multiple domain controllers, you may want to ensure the changes replicated to all relevant domain controllers before rejoining the computer to the domain.

Answered by Jim Diroff II on November 2, 2020
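The order of checks described in the answer above (time synchronization first, then the machine account password), written as an added example that is not part of either answer. It assumes Windows PowerShell 5.1 run elevated on the affected client, uses `DC01` as a placeholder domain controller name, and assumes the usual `w32tm /stripchart /dataonly` line format.

```powershell
# Added example (not from the answers above). Run elevated in Windows PowerShell 5.1
# on the affected client. 'DC01' is a placeholder domain controller name.
param(
    [string]$Server = 'DC01',
    [int]$MaxSkewSeconds = 300,   # Kerberos default clock-skew tolerance: 5 minutes
    [switch]$Reset                # only reset the machine password when asked to
)

# 1. Which time source is this client really using?
$timeSource = (& w32tm /query /source | Out-String).Trim()

# 2. Measure clock offset against the DC. With /dataonly each sample line is expected
#    to look like "14:02:11, +00.0123456s" (assumption: '.' decimal separator).
$offsets = @(& w32tm /stripchart "/computer:$Server" /samples:3 /dataonly |
    ForEach-Object { if ($_ -match ',\s*([+-]\d+\.\d+)s\s*$') { [math]::Abs([double]$Matches[1]) } })
$maxOffset = if ($offsets.Count) { ($offsets | Measure-Object -Maximum).Maximum } else { $null }
$timeOk = ($null -ne $maxOffset) -and ($maxOffset -lt $MaxSkewSeconds)

# 3. Verify the machine account's secure channel to that DC.
try   { $channelOk = Test-ComputerSecureChannel -Server $Server -ErrorAction Stop }
catch { $channelOk = $false; Write-Warning "Secure channel test failed: $($_.Exception.Message)" }

[pscustomobject]@{
    TimeSource       = $timeSource
    MaxOffsetSeconds = $maxOffset
    TimeWithinSkew   = $timeOk
    SecureChannelOk  = $channelOk
}

# 4. Act in the order the answer gives: time first, machine password second.
if (-not $timeOk) {
    Write-Warning "Clock offset unknown or too large; fix time sync before touching the machine account."
} elseif (-not $channelOk -and $Reset) {
    Reset-ComputerMachinePassword -Server $Server -Credential (Get-Credential)
    Write-Output "Machine password reset requested against $Server; re-run this check afterwards."
} elseif (-not $channelOk) {
    Write-Warning "Time is fine but the secure channel is broken; re-run with -Reset."
}
```

Running it once on the wired network and once after unplugging shows whether the failure follows a change in time source or in reachability of the domain controller.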
