The trust relationship between this workstation and the primary domain failed.

  • Question

  • We have a Windows Server 2008 R2 machine that serves as our Hyper-V server. For some reason, when I try to log in to it, it gives me the error:

    "The trust relationship between this workstation and the primary domain failed."

    The only "cause" that I was able to find was from a Microsoft KB article that states:

    "The computer's machine account has the incorrect role or its password has become mismatched with that of the domain database."

    Then they say to rejoin the server to the domain.

    My question is, does anyone know of a root cause for this? If it has to do with the machine account's password, WHY did it suddenly become mismatched? If it's the role that's incorrect, why all of a sudden?

    Nowhere do I find answers to this.

    Any ideas?

    Thursday, February 23, 2012 8:42 PM


All replies

  • Can the machine talk to the DC?

    Seems like it joined the domain and afterwards fell into tombstone. Is the server isolated in a VLAN? We need a bit more information.

    MCP | MCTS 70-236: Exchange Server 2007, Configuring

    Thursday, February 23, 2012 9:36 PM
  • The machine can talk to the DC just fine. It was able to ping it with no issues. It's not isolated on a VLAN.
    Thursday, February 23, 2012 9:56 PM
  • If it can ping, I would suspect that an antivirus program or a restore point in the past could cause the same thing. Computer account passwords are valid for 30 days.

    If net use \\computername or net view \\computername fails with access denied, then it's really a computer account password problem. Resetting the computer account on the DC should solve the issue.

    MCP | MCTS 70-236: Exchange Server 2007, Configuring

    Friday, February 24, 2012 1:35 AM
  • The fix should be to reset the computer account password. You can use netdom for this, per this article:


    Richard Mueller - MVP Directory Services

    Friday, February 24, 2012 2:01 AM
  • Hi,

    The root cause can be that the computer account's password and the LSA secret are not synchronized.


    Arthur Li

    TechNet Community Support

    Friday, February 24, 2012 6:25 AM
  • The Trust Relationship Between This Workstation and the Primary Domain Failed

    You don't need to modify any domain and trust settings on your server; the fix is really silly: the solution is to UNPLUG the network cable before booting.

    This will bypass the trust failure limitation. Once logged in, replug the network cable. Simple, isn't it? Now you can easily leave the domain, reboot, and then join the domain again. This will restore the failed workstation trust relationship between the client and the server, and the user account will be working again.

    Have you encountered this problem before? How were you able to restore the trust relationship between the domain controller and the Windows client? Let me know if you have other solutions for this problem.

    • Proposed as answer by Saqib Latif Thursday, April 12, 2012 9:07 AM
    Thursday, April 12, 2012 9:05 AM
  • One more thing bro, unplug the cable and rejoin it to the domain, and last thing, go to safe mode and press Enter on DIRECTORY SERVICES REPAIR MODE.

    Face the fact that we all have plenty to learn about this field. Deal with the failures, use them as motivation, learn something new every day. Claiming false credentials & phantom skillsets will not get you far, especially when 63248651487512645876531864 people in the universe know how 2 use the internet

    Thursday, April 12, 2012 9:55 AM
  • Hi

    I noticed this problem when the time of the problematic machine was out of sync with the domain controller; by that I mean that the problematic machine had a time difference of more than 5 minutes between itself and the domain controller.

    Tuesday, May 22, 2012 10:41 AM
  • Hi, I have come across this problem before and it only seems to happen on laptops!

    I think I may have found the cause for this.

    When your laptop is using a Wi-Fi manager (like HP Wi-Fi manager or Dell Wi-Fi manager or any other) other than the Microsoft Wi-Fi manager, it seems that when logging on to the laptop it does not authenticate with the DC and instead uses the cached password on the laptop to log on. Thus the PC never logs on to the network and loses the trust relationship because there is no Group Policy that updates.

    It seems that when using the HP Wi-Fi manager, it only connects you to a Wi-Fi access point when you are logged in and never authenticates with a DC upon login. When using the Microsoft Wi-Fi manager, it will connect to a Wi-Fi access point before you are logged in. Thus when you log in, the laptop can authenticate with a DC.

    I have changed this on all our work laptops and have never since got that error again.

    Hope this helps


    • Proposed as answer by V1rusDynam1cs Tuesday, August 7, 2012 12:28 PM
    Tuesday, August 7, 2012 12:25 PM
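
The checks raised in the replies above (a machine-account password that no longer matches the domain's copy, and a clock more than 5 minutes off from the DC), gathered into one read-only diagnostic. This is an added example, not part of any post in the thread; the function name `Test-DomainTrustHealth` and the DC name `dc01.example.test` are hypothetical, and you are assumed to supply a reachable domain controller name.

```powershell
# Added example, not from the thread. Read-only; run elevated on the affected domain member.
function Test-DomainTrustHealth {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DomainController,      # assumption: you supply a reachable DC name
        [int]$MaxSkewSeconds = 300      # the 5-minute difference reported in the thread
    )

    # 1. Does the locally stored machine-account secret still match the domain's copy?
    try   { $channelOk = Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop }
    catch { $channelOk = $false }

    # 2. Clock offset against the DC, from a single w32tm sample.
    #    A data line looks like "20:42:00, +00.0012345s"; failures print "error: 0x..." instead.
    $offset = $null
    $sample = & w32tm /stripchart "/computer:$DomainController" /samples:1 /dataonly 2>&1
    foreach ($line in $sample) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') { $offset = [double]$Matches[1] }
    }

    # 3. Netlogon settings that control the automatic machine-password change.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $np  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        SecureChannelOk       = $channelOk
        ClockOffsetSeconds    = $offset          # $null means the sample failed
        ClockWithinTolerance  = ($null -ne $offset) -and ([math]::Abs($offset) -le $MaxSkewSeconds)
        MaximumPasswordAge    = $np.MaximumPasswordAge      # days
        DisablePasswordChange = $np.DisablePasswordChange   # 1 = member never rotates its password
    }
}

# 'dc01.example.test' is a placeholder DC name.
Test-DomainTrustHealth -DomainController 'dc01.example.test' | Format-List

# If SecureChannelOk is False, reset the machine account password with netdom,
# the tool named in the thread (placeholders in angle brackets):
#   netdom resetpwd /s:<dc-name> /ud:<domain\admin-user> /pd:*
```

If `SecureChannelOk` is False while `ClockWithinTolerance` is True, the result is consistent with the password-mismatch explanation; if the clock is out of tolerance, correct the time first and re-run the check before resetting anything.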