Fix "The trust relationship between this computer and the primary domain failed" error

This is something that happens very often in large organizations with remotely connected sites (whether via MPLS nodes, connected VPNs or remote VPN users).

If you’ve spent any time in the desktop support arena you’ve likely had this error/issue dozens of times.
Here are some surefire ways to fix this fairly quickly.

MANY, many sites will tell you to remove the PC from the domain, delete the computer account and then re-join the computer. This does work – SOMETIMES and can bring on even more problems when it fails.

A simpler solution, that actually works, is to use PowerShell to resolve the issue.
You will need to log into the computer as a local administrator (or possibly you can use the cached domain admin credentials if that’s still an option)

Here are the commands to use in order of preference.

Depending on what version of Windows you are on and how up to date it is you should first download the latest Windows Management Framework (WMF). this contains the latest versions of PowerShell, DSC, WMI, and WinRM for downlevel versions of Windows and Windows Server. Here’s that link

1st try this one from an Admin Powershell:

image

Test-ComputerSecureChannel -Repair -Credential (get-credential)

After that completes restart computer and try domain login.

If that doesn’t work try this one:

Reset-ComputerMachinePassword -Server <ClosestDomainControllerNameHere> -Credential <DOMAIN\domain.admin>

Make sure to specifiy you DC and your domain user name, you’ll be prompted for you password.
The script will run and you’ll be back to the Powershell prompt.
Then just restart machine and try domain login.

An older method you can also try the NETDOM way ( most useful on some non upto date Win7 machines).
You’ll likely have to download the Microsoft Remote Server Admin Tools from here.  Install and then

use the following from an elevated cmd prompt:
netdom.exe resetpwd /s:dc-hostname.domain /ud:domainadminusername /pd:* (enter the domain admin password when prompted)

Hope this helps some.

Leave a Reply

*