top of page

How to fix AD Computer trust error and how to solve them in multiple ways.

In this article We see about Trust relationship  between this workstation and the primary domain failed. For Example, user is trying to login in workstation System. Enter the User Name and password.

In database on the server does not Have  computer account for workstation trust relationship.

Let’s see How to fix the issue in multiple ways. In this method, you will see When user login to workstation error display appearing. Now check User password has been valid or not. The computer account password is valid for 30 days (by default) and then automatically changes. It is important to understand that the change of password initiated by computer is defined by Domain policies. This is similar to the changing user password process. You can configure maximum account password age for domain computers by using GPO Domain member: Maximum machine account password age. Open GPO editor click- Computer Configuration- Windows Settings- Security Settings- Local Policies- Security Options.

Right Click- Domain member: Maximum machine account password age and click properties And set the specify number of days between 0 and 999 (by default it is 30 days) and click OK.

Using Netdom resetpwd to Fix Trust Relationship Failed To use it, login to the target system with Local administrator (!!!) credentials (by typing, “.\Administrator” to the logon window) and run following command: Netdom resetpwd /Server:DomainController /UserD:Administrator /PasswordD:Password

Reset-ComputerMachinePassword using PowerShell If you want to restore a trust relationship as a local Administrator, run PowerShell console and execute this command: Reset-ComputerMachinePassword -Server DomainController -Credential Domain\Adminisatrator Enter the password click OK.

In this method, you will see Cmdlet does not display any messages on success, so just change the account, no reboot required. using Powershell cmdlet Test-ComputerSecureChannel: Test-ComputerSecureChannel -Repair -Credential corp\vetrivel secured channel has been successfully reestablished using following command: nltest /

Reset User Account by using dsa.msc Enter Server manager click Tools- Active Directory Users and computers

Expand Domain Name Example: ( click Computer Name-  Reset Account.

Click yes to reset this computer account

Click OK.

Restart Windows workstation machine and Log on to your domain user account How to set credential In Local Machine In this method, you will see Credential Manager where you will add domain controller account in Windows Credential. Open control panel and click Credential manager

Click Windows Credentials and click Add a windows Credential

Enter the User credential and click OK

Restart Windows workstation machine and Log on to your domain user account In this method, you will see If password has expired, computer changes it automatically when login on the domain. Therefore, even if you did not Power on your computer for a few months, trust relationship between computer and domain still be remaining and the password will be changed at first registration in the domain. Most of the ways to restore trust relationship is: 1.Reset local workstation password 2.Move computer from Domain to work group

3. Restart 4. Reset Computer account in the domain using ADUC console 5. Re-join computer to the domain

6. Restart again

3 views0 comments


bottom of page