How Can We Help?
< All Topics
You are here:
Print

Error: Trust Relationship Failed Between this Workstation and the Primary Domain Failed”

Created OnApril 8, 2020
Last Updated OnAugust 11, 2020
byJames Gray

Problem

Domain users cannot login to domain joined computer with error “Trust relationship failed between this workstation and the primary domain failed”.

Resolution

You can verify that the computer local password is in sync with computer account password on the domain controlled with the Test-ComputerSecureChannel cmdlet. You can use a simple form in Powershell (As Administrator)

Test-ComputerSecureChannel -Verbose
trust relationship failed powershell

Possible Fix 1

If you want to restore a trust relationship run PowerShell (As Administrator) and execute this command:

Reset-ComputerMachinePassword -Server DomainController  -Credential DomainAdmin

e.g.  Reset-ComputerMachinePassword -Server dc1.housingservices.com-Credential adminjd

You can then run the test command from above to see it it worked.

powershell repair domain trust
reset trust relationship

Possible Fix 2

You can find Netdom utility in Windows Server since 2008 version. It can be installed on client PC as part of the RSAT (Remote Server Administration Tools) package. The method is fast and efficient. To use it, login to the target system with the local Administrator (!!!) credentials (by typing, “.Administrator” to the logon window), open the elevated cmd.exe prompt and run following command:

Netdom resetpwd /Server:DomainController /UserD:Administrator /PasswordD:Password

e.g. Netdom resetpwd /Server:dc1.housingservices.com /UserD:adminjd /PasswordD:Pa55w0rd
  • Server – the name of any domain controller
  • UserD – username with domain admin or delegated privileges
  • PasswordD – admin password
reset trust relationship

You can then run the test command from above to see it it worked.

Possible Fix 3

Remove the computer from Active Directory by going to

Start –> Settings –> Accounts –> Access Work or School –> Select the domain in question –> Disconnect –> reboot

Once rebooted login as a local administrator

Start –> Settings –> Accounts –> Access Work or School –> Connect –> Join this device to a local Active Directory domain* –> enter the fully-qualified domain name –> follow the prompts to complete and reboot –> login as domain user

*If this option is not available, you can use Powershell (As Administrator) to join the domain with the following command.

add-computer –domainname ad.contoso.com -Credential AD\adminuser -restart –force
e.g. add-computer –domainname housingservices.com -Credential housingservices\adminjd -restart –force
Add a computer to a domain using PowerShell

Tags:
Table of Contents