locked
The trust relationship between this workstation and the primary domain failed RRS feed

  • Question

  • I had about 20 computers connect to a windows 2008 server.   One of windows 7 this morning display " The trust relationship between this workstation and the primary domain failed".  I checked this PC, local administrator is disabled. and none of account can log in to this PC included administrator account. 

    I can't re-add this PC to domain, because I am not able to log in the system.

    How can I resolved this problem? 



    • Edited by Ryan3049 Monday, August 17, 2015 2:10 PM
    Monday, August 17, 2015 1:59 PM

Answers

  • This usually occurs due to the computer's machine account has the incorrect role or its password has become mismatched with that of the domain database.
     
    The only way to correct this is to log on locally as a local administrator, then remove the computer from the domain, and then rejoin again. If you are not able to log on at all, then I'm afraid you may have to install the system.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, August 18, 2015 8:01 AM
  • Just resolved this problem by using Win PE to create a local administrator account then re-join the domain

    Thanks for your answers 

    Regards, 

    Ryan Yan

    Friday, August 21, 2015 7:23 PM

All replies

  • Sounds like you may have to re-image it.

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, August 17, 2015 6:58 PM
  • This usually occurs due to the computer's machine account has the incorrect role or its password has become mismatched with that of the domain database.
     
    The only way to correct this is to log on locally as a local administrator, then remove the computer from the domain, and then rejoin again. If you are not able to log on at all, then I'm afraid you may have to install the system.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, August 18, 2015 8:01 AM
  • Thanks for your answer  
    Friday, August 21, 2015 1:17 PM
  • You can do some initial testing and you DO NOT have to remove the PC from the domain and re-add. Use the NetDom commands below to check and also reset the secure channel between the client and domain.

    Verify the secure channel

    Netdom Verify <computer> /Domain:example.com /UserO:Administrator /PasswordO:*


    Reset the Secure Channel

    Netdom Reset <computer> /Domain:example.com /UserO:Administrator /PasswordO:*

    Try that.

    Will.

    Friday, August 21, 2015 1:32 PM
  • Just resolved this problem by using Win PE to create a local administrator account then re-join the domain

    Thanks for your answers 

    Regards, 

    Ryan Yan

    Friday, August 21, 2015 7:23 PM
  • I was going to suggest that you use a tool like that to create an account or brute force the existing local account.
    Friday, August 21, 2015 7:52 PM