Windows – Trust Relationship between Workstation and Primary Domain Failed

There is a fix, but it is not easy to accomplish remotely if you don’t have the proper tools installed on the machine.

Netdom

In order to use the netdom tool you must have Remote Server Administration Tools (RSAT) installed.

Install the Remote Server Administration Tools (RSAT).

  1. Go to Control Panel -> Programs and Features -> Turn Windows features on or off
  2. In the treeview, go to Remote Server Administration Tools -> Role Administration Tools -> AD DS and AD LDS Tools and select AD DS Tools. Click OK.

NETDOM should be located in your SYSTEM32 folder.

To reset the computer’s password:

  • Log into the affected client with a local account with administrative privileges
  • Open an elevated PowerShell or Command prompt
  • Run the Netdom command
    netdom.exe resetpwd /s:servername.domain /ud:ad\jsmith /pd:*
    • The “/s:” switch names the domain controller to reset the password against
    • The user specified with “/ud:” must have rights to change the computer object password
    • The “/pd:*” switch prompts for the password and hides it as it is entered
  • Reboot

If you prefer PowerShell, be aware that the command to use depends on the PowerShell version installed.

PowerShell v2 – Test-ComputerSecureChannel

  • Log into the affected client with a local account with administrative privileges
  • Open an elevated PowerShell prompt
  • Load the Active Directory PowerShell module
    Import-Module activedirectory
  • Test the secure channel
    Test-ComputerSecureChannel
  • If the command returns false, run the command with the “-Repair” switch
    Test-ComputerSecureChannel -Repair -Credential $(Get-Credential)
  • Verify the secure channel using Test-ComputerSecureChannel
    Test-ComputerSecureChannel
  • Reboot

PowerShell v3 or higher – Reset-ComputerMachinePassword

  • Log into the affected client with a local account with administrative privileges
  • Open an elevated PowerShell prompt
  • Load the Active Directory PowerShell module
    Import-Module activedirectory
  • Test the secure channel
    Test-ComputerSecureChannel
  • If the command returns false, run the Reset-ComputerMachinePassword command
    Reset-ComputerMachinePassword -Credential $(Get-Credential)
  • Verify the secure channel using Test-ComputerSecureChannel
    Test-ComputerSecureChannel
  • Reboot
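
The two PowerShell procedures above can be combined into one test, repair and verify routine that picks the repair command from the installed version. This is an added example, not code from the original post; the function name Repair-SecureChannel and its return strings are hypothetical, and it uses the built-in Reset-ComputerMachinePassword cmdlet for the v3 path.

```powershell
# Added example, not from the original post. Run elevated, logged on with a
# local administrator account, on the affected domain member.
function Repair-SecureChannel {   # hypothetical function name
    [CmdletBinding()]
    param(
        # Domain account with rights to change the computer object password
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential
    )

    # Refuse to run without elevation: the repair cmdlets need it.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Start PowerShell with "Run as Administrator" first.'
    }

    # Step 1: test. A healthy channel needs no password reset.
    if (Test-ComputerSecureChannel) {
        return 'Healthy'
    }

    # Step 2: repair with the command that matches the installed version.
    if ($PSVersionTable.PSVersion.Major -ge 3) {
        Reset-ComputerMachinePassword -Credential $Credential -ErrorAction Stop
    }
    else {
        # PowerShell v2 path, as given in the v2 steps above
        Test-ComputerSecureChannel -Repair -Credential $Credential -ErrorAction Stop | Out-Null
    }

    # Step 3: verify before rebooting.
    if (Test-ComputerSecureChannel) {
        return 'Repaired'      # reboot to finish
    }
    return 'StillBroken'       # reset the computer account in AD, then retry
}

# Get-Credential prompts for the password, so it never appears on the command line.
$result = Repair-SecureChannel -Credential (Get-Credential)
Write-Output "Secure channel status: $result"
if ($result -eq 'Repaired') { Write-Output 'Reboot the workstation to finish.' }
```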

Alternative:

Try to download machinepwd: http://www.joeware.net/freetools/tools/machinepwd/index.htm and then run it on the workstation.

If machinepwd fails:

  1. Reset the computer account in AD
  2. On the workstation, run: machinepwd /fix

If you have User Account Control (UAC) enabled, then you must start the command prompt in “Run as Administrator” mode.

This should force the workstation to re-sync the machine password with AD, and re-establish the trust relationship.

One Response to Windows – Trust Relationship between Workstation and Primary Domain Failed

  1. testing says:

    Pretty section of content. I just stumbled upon your
    blog and in accession capital to assert that I get actually enjoyed account your blog posts.
    Any way I will be subscribing to your feeds and
    even I achievement you access consistently quickly.
