ProblemYou see the error message "Trust relationship between this workstation and the primary domain failed" on the screen when: Show
Cause
ResolutionTo resolve this problem, follow any of the solutions given below, Rejoin the computer to the domainFollow the steps given below to remove the computer from the domain, and then connect the computer to the domain.
Rejoin the computer to the domain by running a scriptYou can run a script to rejoin the computer to the domain. Run the following script on the machine where the issue has occurred using local admin privileges,
Access workstation using it's local accountIf you do not want to rejoin the machine to the domain or if the rejoining fails, you can try accessing the workstation machine using it's local account. Keywords: Trust relationship failed, rejoin computer to domain. There are two ways how can you manage your client and server machines in home or business environment, including Workgroup and Domain infrastructure. The workgroup is decentralized network infrastructure used for home and small business networks up to 10 machines. Workgroup does not require a dedicated server for managing machines, every machine has a different user account. On another side, domain infrastructure is centralized network
infrastructure which supports thousands of machines. For the implementation of domain infrastructure, you will need to purchase minimum one server which will act as Active Directory Domain Services and Domain Name Services. After you implement AD DS and DNS you will need to join all machines in the network to your domain and create domain user accounts for every user. Next time, the user will log on using domain user account, and not the local user account. There are a lot of benefits by using
domain infrastructure, including centralized and simplified management, fault tolerance, one user account for many services, and others. Few users encouraged problem when logging to the domain, including error: The trust relationship between this workstation and the primary domain failed. This issue occurs on client and server operating system, from Windows XP to Windows 10 and from Windows Server 2003 to Windows Server 2016. There are different reasons why this issue occurs, including a problem with a user account, the problem with the relationship between client and domain server and others. For this article, I created domain infrastructure appuals.com on Windows Server 2008 R2 and Windows Server 2016. There are seven methods which will help you to solve this issue. Method 1: Check DHCP configurationDid you add new DHCP server or reconfigure your current DHCP pool? If not, please read next method. If yes, please continue reading this method. There are two ways how you can assign IP addresses to hosts in your computer network, including static and dynamic addressing. Static addressing is manually assigning IP addresses to your machines which consume much more time and decrease the productivity of IT Administrator. We are recommending you to use dynamic addressing using DHCP (Dynamic Host Computer Protocol) protocol. The best practice will include static addressing for servers, storage and network printers, and dynamic addressing to other hosts in the network. Few users encouraged problem after they added another DHCP server in the current network. The problem was wrong DHCP pool for hosts in the network. Based on that, we are recommending you to check is DHCP working properly and are you using right network subnet. We will show you how to check DHCP on Windows Server 2016 and router TP-Link TL-ER6120. Imagine, the right network is working in C class, 192.168.1.0/24. So, let’s start.
In the second example, we will show you how to check DHCP configuration on TP-Link router. If you do not know how to access your router, please read the technical documentation of your router.
Method 2: Rejoin a Computer from a DomainIn this method, you will need to rejoin your client machine from a domain. For this action, you need to use Domain Administrator account which has permission to do changes like join or rejoin machine from the domain. We will show you how to rejoin Windows 10 Pro from Windows Server 2016 Standard. The same procedure is compatible with other client and server operating system, including client operating system from Windows XP to Windows 8 and server operating system from Windows Server 2003 to Windows Server 2012 R2.
Method 3: Reestablish trust through PowerShellIn this method, we will reestablish trust between the domain controller and client using PowerShell. You will need to log on using a local Administrator account.
Method 4: Add domain controller to Credential ManagerIn this method, you will use Credential Manager where you will add domain controllers account in Windows Credential. We will show you how to do in on Windows 10.
Method 5: Use Netdom.exe to Reset a Machine Account PasswordThis method is compatible with Windows Server 2003 and Windows Server 2008 R2. If you are using a newer version of server operating systems, please read next method. We will show you how to reset a machine account password on Windows Server 2008 R2.
Method 6: Reset Computer AccountIn this method, you will need to reset computer account using Active Directory User and Computers tool which is integrated into servers with Active Directory Domain Services role. The procedure is simple and compatible with server operating systems from Windows Server 2003 to Windows Server 2016.
Method 7: Perform a System RestoreWe talked so much time about System Restore because it helped us so many times in troubleshooting issues with system or application. Also, system restore can help you to solve the issue with reverting your system to the previous state when everything worked properly. Please note that you can not restore your Windows machine to the previous state if System Restore is turned off. Please read how to perform a System Restore.
Jasmin is a certified Senior Systems Engineer with over 10 years of experience and is currently employed by Paessler AG. Jasmin holds multiple IT certifications which includes CNIP, MTA, MCP, MCSA, Network+. How do you fix the trust relationship between the primary domain and the trusted domain failed?To resolve this issue, remove the computer from the domain, and then connect the computer to the domain. Use a local administrator account to log on to the computer. Select Start, press and hold (or right-click) Computer > Properties. Select Change settings next to the computer name.
How do you fix a broken trust relationship within a domain?Here is the classical way to repair trust relationship between the computer and domain:. Reset the computer account in AD;. Move the computer from the domain to a workgroup under the local administrator;. Reboot;. Rejoin the computer to the domain;. Restart the computer again.. How do you set trust relationship between domains?Log onto domain y as Administrator.. Start User Manager for Domains (Start - Programs - Administrative Tools). Select "Trust Relationships" from the Policies menu.. Click the Add button to the Trusting Domains box.. Enter the name of the domain you want to be able to trust you, i.e. domain x.. What does the trust relationship between this workstation and the primary domain failed mean?"The trust relationship between this workstation and the primary domain failed.” This issue is seen when the session logon is attempted through Remote Desktop Protocol, ICA, or directly at the console. Only logons using local accounts are successful.
|