Trust relationship failed between Workstation and Domain

There is a quick fix for the "trust relationship failed" error that takes only a few steps and avoids rejoining the machine to the domain.

When you log in to the system, you receive the error:

The trust relationship between this workstation and the primary domain failed.

The problem is that the secure communication between the workstation and the Active Directory domain is no longer working. The computer's "private secret" no longer has the same value as the one stored on the Domain Controller, so the communication handled by Kerberos cannot be established.

This situation often happens when you restore a virtual machine from a snapshot taken months before.

The problem

You log in to the workstation with a domain account and its password.

The system denies access and replies with the error message shown above.

Fix

Windows issues usually have more than one solution: an official fix from Microsoft, and alternatives from administrators that can solve the problem faster.

Microsoft fix

To fix this issue, Microsoft suggests rejoining the domain to restore the trust relationship, as described in the support article: http://support.microsoft.com/kb/162797.

The quick fix

Log in as Local Administrator on the server with the problem and open the Command Prompt.

You need to locate the netdom utility, which in Windows 2008 and Windows 2008 R2 is stored in the \Windows\System32 directory.

C:\>cd \Windows\System32

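Using the netdom utility, type the following command, replacing the placeholders with your domain controller and a domain administrator account. The /pd:* argument makes netdom prompt for the password instead of taking it on the command line: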

netdom.exe resetpwd /s:<domaincontroller> /ud:DOMAIN\<administrator> /pd:*

C:\Windows\System32>netdom.exe resetpwd /s:w2k8r2-dc01 /ud:NOLABNOPARTY\Administrator /pd:*

If you try to log in to the system again, you no longer receive the error message.
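
The procedure above can be wrapped with a check of the secure channel before and after the reset. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later for the built-in Test-ComputerSecureChannel cmdlet, and the parameter names $DomainController and $DomainAdmin are hypothetical.

```powershell
# Added example (not from the original article): check, reset, re-check.
# Run elevated as a local administrator. Parameter names are hypothetical.
param(
    [Parameter(Mandatory = $true)] [string] $DomainController,  # e.g. w2k8r2-dc01
    [Parameter(Mandatory = $true)] [string] $DomainAdmin        # e.g. NOLABNOPARTY\Administrator
)

# netdom ships in System32 on Windows 2008 / 2008 R2; on Windows 7 copy it there first.
$netdom = Join-Path $env:SystemRoot 'System32\netdom.exe'
if (-not (Test-Path $netdom)) {
    throw "netdom.exe not found at $netdom"
}

# Test-ComputerSecureChannel returns $true when the local machine secret
# still matches the computer account stored in Active Directory.
if (Test-ComputerSecureChannel) {
    Write-Output 'Secure channel is healthy; nothing to reset.'
    return
}

Write-Output "Secure channel is broken; resetting the machine password via $DomainController."

# /pd:* makes netdom prompt for the password, so it never appears in the
# command line, the console history or a script file.
& $netdom resetpwd "/s:$DomainController" "/ud:$DomainAdmin" '/pd:*'

# Assumption: netdom signals failure with a non-zero exit code.
if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed (exit code $LASTEXITCODE)."
}

if (Test-ComputerSecureChannel) {
    Write-Output 'Trust relationship restored.'
} else {
    throw 'Secure channel still failing after the reset; fall back to rejoining the domain.'
}
```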

Netdom.exe in Windows 7

Since Windows 7 doesn't have the netdom.exe utility installed by default, you can download netdom from here.

  • Copy netdom.exe to C:\Windows\System32 and netdom.exe.mui to C:\Windows\System32\en-US.
  • Follow the same procedure.

This solution restores the machine's functionality faster, with just a few clicks and without rejoining the workstation to the domain.
