Fix: "The trust relationship between this workstation and the primary domain failed"

Error:  "The trust relationship between this workstation and the primary domain failed".  

Background:  Domain logon fails because the computer password is outdated.  The machine password updates every 30 days.  This problem occurs when a computer is added to the domain with the same name as an existing computer, or when a computer is restored from backup (e.g., a VM snapshot).

Solution:    First and foremost, ensure computers have a local Administrator account and password before this problem occurs!

  • Create a unique (i.e., new) administrator account and password for each computer.  
  • Document the information.
  • Disable the default local "administrator" account. 

Use the local administrator account to log onto the computer after the domain authentication fails.  One of the following steps will fix this issue:

Netdom:
netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
<server> = a domain controller in the joined domain
<user> = DOMAIN\User format with rights to change the computer password

Netdom is not available with every version of Windows.
  • Standard with Windows 2008 R2.
  • Standard with Vista.
  • Install Netdom on Windows 7 with the Remote Server Administration Tools (RSAT).
  • PowerShell replaces netdom.exe in Windows 2012 and Windows 8.

PowerShell:
Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

Note:  "-Server" represents the local domain controller.
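
The PowerShell fix above as a check, reset and verify sequence. This is an added example, not code from the original post. The function name Repair-DomainTrust and the server name DC01.example.local are placeholders; Test-ComputerSecureChannel is a standard Windows PowerShell cmdlet that the post does not mention.

```powershell
# Run in an elevated Windows PowerShell session while logged on with the
# local administrator account.
function Repair-DomainTrust {
    param(
        # A domain controller in the joined domain (placeholder default).
        [string]$Server = 'DC01.example.local',

        # DOMAIN\User account with rights to change the computer password.
        # Get-Credential prompts, so the password never lands in history.
        [pscredential]$Credential = (Get-Credential -Message 'Domain account')
    )

    # Returns $true when the secure channel to the domain is intact.
    if (Test-ComputerSecureChannel -Server $Server) {
        Write-Output 'Secure channel is healthy; no reset needed.'
        return $true
    }

    Write-Warning 'Secure channel is broken; resetting the machine password.'
    try {
        Reset-ComputerMachinePassword -Server $Server -Credential $Credential -ErrorAction Stop
    }
    catch {
        Write-Warning "Reset failed: $($_.Exception.Message)"
        return $false
    }

    # Confirm the reset restored the trust relationship.
    if (Test-ComputerSecureChannel -Server $Server) {
        Write-Output 'Secure channel repaired. Log off and log on with a domain account.'
        return $true
    }

    Write-Warning 'Secure channel still failing; remove and rejoin the domain instead.'
    return $false
}

Repair-DomainTrust -Server 'DC01.example.local'
```

If the function returns False, the GUI method below remains the fallback.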

GUI:

Alternately, Microsoft recommends removing the computer from the domain:

Control Panel > System > Computer Name > Change settings > Add computer to a workgroup > Restart > Repeat process and add computer to the domain.




References:

https://support.microsoft.com/en-us/kb/2771040
https://support.microsoft.com/en-us/kb/325850
https://technet.microsoft.com/en-us/library/hh849751.aspx

