In this article We see about Trust relationship between this workstation and the primary domain failed.
For Example, user is trying to login in workstation System. Enter the User Name and password.
In database on the server does not Have computer account for workstation trust relationship.
Let’s see How to fix the issue in multiple ways.
In this method, you will see When user login to workstation error display appearing.
Now check User password has been valid or not.
The computer account password is valid for 30 days (by default) and then automatically changes. It is important to understand that the change of password initiated by computer is defined by Domain policies. This is similar to the changing user password process.
You can configure maximum account password age for domain computers by using GPO Domain member: Maximum machine account password age.
Open GPO editor click- Computer Configuration- Windows Settings- Security Settings- Local Policies- Security Options.
Right Click- Domain member: Maximum machine account password age and click properties
And set the specify number of days between 0 and 999 (by default it is 30 days) and click OK.
Using Netdom resetpwd to Fix Trust Relationship Failed
To use it, login to the target system with Local administrator (!!!) credentials (by typing, “.\Administrator” to the logon window) and run following command:
Netdom resetpwd /Server:DomainController /UserD:Administrator /PasswordD:Password
Reset-ComputerMachinePassword using PowerShell
If you want to restore a trust relationship as a local Administrator, run PowerShell console and execute this command:
Reset-ComputerMachinePassword -Server DomainController -Credential Domain\Adminisatrator
Enter the password click OK.
In this method, you will see Cmdlet does not display any messages on success, so just change the account, no reboot required.
using Powershell cmdlet Test-ComputerSecureChannel:
Test-ComputerSecureChannel -Repair -Credential corp\vetrivel
secured channel has been successfully reestablished using following command:
nltest /sc_verify:corp.windowstechpro.com
Reset User Account by using dsa.msc
Enter Server manager click Tools- Active Directory Users and computers
Expand Domain Name Example: (windowstechpro.com)-Computers-Right click Computer Name- Reset Account.
Click yes to reset this computer account
Click OK.
Restart Windows workstation machine and Log on to your domain user account How to set credential In Local Machine In this method, you will see Credential Manager where you will add domain controller account in Windows Credential. Open control panel and click Credential manager
Click Windows Credentials and click Add a windows Credential
Enter the User credential and click OK
Restart Windows workstation machine and Log on to your domain user account In this method, you will see If password has expired, computer changes it automatically when login on the domain. Therefore, even if you did not Power on your computer for a few months, trust relationship between computer and domain still be remaining and the password will be changed at first registration in the domain. Most of the ways to restore trust relationship is: 1.Reset local workstation password 2.Move computer from Domain to work group
3. Restart 4. Reset Computer account in the domain using ADUC console 5. Re-join computer to the domain
6. Restart again