AnswerBun.com

Repeated error "The trust relationship between this workstation and the primary domain failed."

Super User Asked by SideMeatOn on November 2, 2020

I have a user whose laptop keeps throwing up the "The trust relationship between this workstation and the primary domain failed" error message every time she unplugs it from the Ethernet. Also sometimes when she doesn’t. We’ve fixed it a couple of times by disconnecting from the domain and reconnecting, but it keeps happening. Through some combination of unplugging the Ethernet and restarting the computer, it will usually fix itself. Any ideas of what’s happening?

2 Answers

  1. Verify user is on correct internal NTP server(s). This causes many such issues.

  2. Run command NBTSTAT -RR

  3. Remove from domain, delete from AD if orphaned in AD, confirm no duplicates or orphans exist and that no DNS or DHCP leases are present.

  4. Reboot and rejoin to domain

  5. Run all updates on client and if possible on all Domain Controllers as well

Good luck.

Answered by Danny Cox on November 2, 2020

Without further information, the error is an indication of an issue with synchronization of the machine account password in Active Directory.

There are some good tips on this thread SuperUser - Trust Relationship Failing.

The quickest validation is to ensure your time is being synchronized appropriately in Active Directory, and on the client computer.

If we have only one domain:

  1. PDC emulator with FSMO roles synchronizes its time with an external NTP time server (could be clock device, a router, another standalone server, an internet time server…).
  2. DCs synchronize their time with PDC emulator.
  3. All member servers and workstations synchronize their time with any domain controller.

Microsoft TechNet

If the time is OK, you can try to reset the machine account with the following line in PowerShell. Replace PSCredential with a Domain Admin account, and String with a Domain Controller. You can also perform this by going to the machine account in Active Directory Users and Computers, right-clicking the computer name, and hitting Reset Account.

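    # The syntax
    Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

    # An example: the account is given in DOMAIN\user form and PowerShell
    # prompts for its password; DC01 is the domain controller to contact.
    Reset-ComputerMachinePassword -Credential domain.local\admin -Server DC01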

Noel Alvarez

You should be required to rejoin the computer to the domain after performing the reset.

If none of those methods work, you can try to completely remove existence of that computer on the domain before rejoining it:

  1. Unjoin the computer from the domain
  2. Remove the machine account from Users and Computers
  3. Rejoin the computer to the domain

Make sure to go through the proper reboots after each step on the client. If you have multiple domain controllers, you may want to ensure the changes replicated to all relevant domain controllers before rejoining the computer to the domain.

Answered by Jim Diroff II on November 2, 2020
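
A diagnostic script for the order of checks both answers describe (time sync first, then the machine account), added here as an example and not part of either answer. `DC01` is the placeholder name from the answer above, the parameter names are hypothetical, the 300-second limit is the default Kerberos clock-skew tolerance, and `Test-ComputerSecureChannel` is a built-in Windows PowerShell cmdlet that the answers do not mention.

```powershell
# Added example (not from the answers): trust diagnosis, run on the affected client
# from an elevated Windows PowerShell session while connected to the domain network.
param(
    [string]$DomainController = 'DC01',  # placeholder DC name, as in the answer above
    [int]$MaxSkewSeconds = 300,          # default Kerberos clock-skew tolerance
    [switch]$Repair                      # opt in to resetting the machine password
)

# 1. Which source is the Windows Time service actually using?
Write-Host "Time source: $((w32tm /query /source) -join ' ')"

# 2. Sample the clock offset against the DC; /dataonly lines end in e.g. "+00.0123456s".
$offsets = w32tm /stripchart "/computer:$DomainController" /samples:3 /dataonly |
    ForEach-Object {
        if ($_ -match '([+-]\d+\.\d+)s\s*$') {
            [math]::Abs([double]::Parse($Matches[1], [cultureinfo]::InvariantCulture))
        }
    }
if (@($offsets).Count -eq 0) {
    Write-Warning "No time samples from $DomainController; check name resolution and UDP 123."
} else {
    $worst = ($offsets | Measure-Object -Maximum).Maximum
    if ($worst -gt $MaxSkewSeconds) {
        Write-Warning "Clock is off by $worst s (limit $MaxSkewSeconds s). Fix time sync first."
        return   # resetting the machine account will not help while time is wrong
    }
    Write-Host "Worst clock offset: $worst s (within tolerance)"
}

# 3. Verify the secure channel that depends on the machine account password.
try {
    $channelOk = Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop
} catch {
    Write-Warning "Secure channel test could not run: $($_.Exception.Message)"
    $channelOk = $false
}
Write-Host "Secure channel to ${DomainController}: $channelOk"

# 4. Only on request: reset the machine password in place (prompts for domain credentials).
if (-not $channelOk -and $Repair) {
    Reset-ComputerMachinePassword -Server $DomainController -Credential (Get-Credential)
    Write-Host "After reset: $(Test-ComputerSecureChannel -Server $DomainController)"
}
```

Without `-Repair` the script changes nothing, so it can be run each time the error appears to see whether the clock or the secure channel is the part that fails.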
