locked
Trust relationship between this workstation and the primary domain failed RRS feed

  • Question

  • I'm getting error on multiple systems "Trust relationship between this workstation and the primary domain failed "

    And i would like to know how i can find a root cause of this issue. what is the exact reason, this error occurred.

    please don't post any kind of resolution as same is available in multiple forum.

    I want to know the RCA for this & only post related to this.

    Wednesday, May 10, 2017 10:11 AM

All replies

  • Hello,

    You receive this alert, because ATA sees multiple Kerberos pre-authentication failed requests for a machine in a period of time. 

    When a computer is joined to the domain, a secure channel password is stored with the computer account on the domain controller. By default, this password is changed every 30 days. ATA may raise this alert when the secure channel password held by the computer does not match what is stored in AD. 

    Before simply rejoining the computer to the domain, we can verify the issue remotely using the commandlet test-computersecurechannel as shown below.
    Invoke-command -computer <broken trust computer name> -scriptblock {Test-computersecurechannel}

    In addition, please make sure the workstations can communicate with domain controllers correctly. 

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 11, 2017 9:30 AM
  • what are the possible reasons that secure channel password held by the computer does not match what is stored in AD. OR why the computer is not able to generate & communicate the secure channel password to the server

    Does any event log gets generated to highlighting this communication gap.

    Thursday, May 11, 2017 12:00 PM
  • Hello Vishal,

    You can refer to the following article for more details about the typical symptoms for secure channel broken.

    https://blogs.technet.microsoft.com/asiasupp/2007/01/17/typical-symptoms-when-secure-channel-is-broken/

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 12, 2017 9:32 AM