I have a user whose laptop keeps throwing up the "The trust relationship between this workstation and the primary domain failed" error message every time she unplugs it from the Ethernet. Also sometimes when she doesn’t. We’ve fixed it a couple of times by disconnecting from the domain and reconnecting, but it keeps happening. Through some combination of unplugging the ethernet and restarting the computer, it will usually fix itself. Any ideas of what’s happening?
Verify user is on correct internal NTP server(s). This causes many such issues.
Run command NBTSTAT -RR
Remove from domain, delete from AD if orphaned in AD, confirm no duplicates or orphans exist and that no DNS or DHCP leases are present.
Reboot and rejoin to domain
Run all updates on client and if possible on all Domain Controllers as well
Answered by Danny Cox on November 2, 2020
Without further information, the error is an indication of an issue with synchronization of the machine account password in Active Directory.
There are some good tips on this thread: SuperUser - Trust Relationship Failing.
The quickest validation is to ensure your time is being synchronized appropriately in Active Directory, and on the client computer.
If we have only one domain:
- PDC emulator with FSMO roles synchronizes its time with an external NTP time server (could be clock device, a router, another standalone server, an internet time server…).
- DCs synchronize their time with PDC emulator.
- All member servers and workstations synchronize their time with any domain controller.
If the time is OK, you can try to reset the machine account with the following line in PowerShell. Replace PSCredential with a Domain Admin account, and String with a Domain Controller. You can also perform this by going to the machine account in Active Directory Users and Computers, right-clicking the computer name, and hitting Reset Account.
```powershell
# The syntax
Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

# An Example
Reset-ComputerMachinePassword -Credential domain.localadmin -Server DC01
```
You should be required to rejoin the computer to the domain after performing the reset.
If none of those methods work, you can try to completely remove existence of that computer on the domain before rejoining it:
- Unjoin the computer from the domain
- Remove the machine account from Users and Computers
- Rejoin the computer to the domain
Make sure to go through the proper reboots after each step on the client. If you have multiple domain controllers, you may want to ensure the changes replicated to all relevant domain controllers before rejoining the computer to the domain.
Answered by Jim Diroff II on November 2, 2020
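The checks from the answers above, in the order they recommend (time first, then the machine account), as an added example that is not part of either answer. It assumes an elevated Windows PowerShell 5.1 session on the affected laptop, uses `DC01` as a placeholder domain controller name, and takes the default Kerberos clock-skew tolerance of 300 seconds as the threshold.

```powershell
# Added example (not from the original answers). Run elevated on the affected client.
# Assumptions: 'DC01' is a placeholder DC name; 300 s is the default Kerberos skew limit.
param(
    [string]$DomainController = 'DC01',
    [int]$MaxSkewSeconds = 300
)

# 1. Show which time source the client is actually using.
$source = (w32tm /query /source) -join ' '
Write-Host "Time source: $source"

# 2. Take one time sample from the DC and parse the offset (e.g. "+00.0012345s").
$chart  = w32tm /stripchart /computer:$DomainController /samples:1 /dataonly
$offset = $null
foreach ($line in $chart) {
    if ($line -match '([+-]\d+\.\d+)s') { $offset = [double]$Matches[1] }
}

if ($null -eq $offset) {
    # No sample usually means the DC is unreachable (DNS, VPN, or network change).
    Write-Warning "No time sample from $DomainController; fix connectivity/DNS first."
    return
}

if ([math]::Abs($offset) -gt $MaxSkewSeconds) {
    # Kerberos will fail with this much skew, so fix time before touching the account.
    Write-Warning "Clock offset is $offset s; resyncing time and stopping here."
    w32tm /resync /rediscover | Out-Null
    return
}
Write-Host "Clock offset is $offset s (within $MaxSkewSeconds s)."

# 3. Time is fine: verify the secure channel (machine account password vs. AD).
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Host 'Secure channel is healthy.'
} else {
    Write-Warning 'Secure channel is broken; resetting the machine account password.'
    # Prompts for an account permitted to reset this computer object.
    Reset-ComputerMachinePassword -Server $DomainController -Credential (Get-Credential)
    # Re-test so the result of the reset is recorded.
    Test-ComputerSecureChannel -Server $DomainController -Verbose
}
```

Running it at each failure and keeping the output shows whether the recurring break lines up with clock drift or with an unreachable domain controller rather than with the machine account itself.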