none
"Trust relationship between this workstation and primary domain failed"

    Question

  • We are in the process of deploying Windows 7 and started getting this error: ""Trust relationship between this workstation and primary domain failed".  FYI - We started getting this error after our server team started deploying Server 2008 R2 Domain Controllers.  Rebooting seems to fix the problem, but we need a permanent preventative solution!

    Thursday, December 08, 2011 7:03 PM

Answers

  • Hi,

    Make sure that the workstations are pointing to local DNS server IP as preferred DNS in NIC, you need to disjoin the workstation from domain, delete computer account from ADUC and rejoin problem workstation again to domain.

    Also try below hotfix for windows 2008R2 and win7: http://support.microsoft.com/kb/976494


     
    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
    • Marked as answer by TE2011 Thursday, December 08, 2011 8:43 PM
    Thursday, December 08, 2011 7:56 PM

All replies

  • Hi,

    Make sure that the workstations are pointing to local DNS server IP as preferred DNS in NIC, you need to disjoin the workstation from domain, delete computer account from ADUC and rejoin problem workstation again to domain.

    Also try below hotfix for windows 2008R2 and win7: http://support.microsoft.com/kb/976494


     
    Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA
    • Marked as answer by TE2011 Thursday, December 08, 2011 8:43 PM
    Thursday, December 08, 2011 7:56 PM
  • The Hotfix should do the trick.  Thanks
    Thursday, December 08, 2011 8:43 PM
  • Anyone on the planet successful with downloading the hotfix?

    There is no password supplied, which makes it impossible to get the hotfix.

    :(

    Thursday, January 19, 2012 4:00 AM
  • Hey BRCCdyoung there is a link at the top which says:  "View and request hotfix downloads", click on that and follow the instructions on the resulting page. You will get an e-mail with a link to the hotfix. It will probably be in the junk folder on your e-mail client. Click on the link provided and the download will start automatically.
    Thursday, February 02, 2012 3:32 PM
  • I agree with Abhijit and will do the same. Also make sure that you "Enable NETBios over TCP/IP" under WINS tab at both places (Server, Workstation).

     

    All the best.

    Thursday, February 02, 2012 3:36 PM
  • Thanks for the help guys.

    I downloaded the fix and applied to a win 7 laptop.

    I recieve the following error:

    "The update is not applicable to your computer."

     

    Ive tried rejoining to the domain several times but the problem is still there.

     

    Thanks,

    Damien

     

     

    Friday, February 03, 2012 1:54 AM
  • Hi guys, I downloaded the x86 instead of the 64 bit. So I tried to download the x64 fix.

    I filled out the form, refreshed the captcha image about 20 times until I could read it.

    I recieved the email, but when I click on the email link it asks me for a password? (which I dont have)

    Is there any other way to get these? Why do I have to go through such a ridiculous process to download a hotfix?:(

    Any help would be greatly appreciated.

     

    Thanks,

    Damien

     

    Friday, February 03, 2012 3:17 AM
  • I managed to download the hotfix.

    (The link supplied was always asking me for a login, then one day it stopped??)

    Ive downloaded all the hotfixes and all of them give an error : " The update is not applicable to your computer"

    Ive tried 32-bit intel (which is what the computer is) plus the other just in case but all of them give the same message.

    I now have close to 30 laptops that have this issue...

    Wednesday, February 15, 2012 5:04 AM
  • A quick but not permanent fix which I use:

    R-click on Computer.

    Select 'Properties'

    Computer name, domain, and workgroup settings  (Click Change Settings)

    Look for 'To rename this computer or change its domain....'  Click Change...

    Click the radio button that says 'Workgroup' and give it a name...call it WORKGROUP or whatever.  Doesn't matter.

    Click OK to accept the change

    Make sure you know your admin password, then click OK 

    You'll be prompted to enter the domain admin username and password.  Do it.

    Next you'll be prompted to restart your computer.  Don't bother.  Not necessary.

    Now.... reverse the process and rejoin the domain.  (Yeah this sounds crazy but it works)

    Click the Change... button to rename this computer or change its domain...

    Click the radio button to change from workgroup to Domain.   Change the name to your domain.

    Enter your credentials when asked.   Restart your computer.

    You can now log onto your domain. 

    I've done this dozens of times and it's never failed.

    Ken

    Tuesday, February 28, 2012 8:02 PM
  • I've also had the error "The update is not applicable to your computer".

    Does anyone know what this is about?

    I'll try HappyDupa's suggestion.


    • Edited by JayCoopIVR Sunday, May 06, 2012 8:59 AM
    Sunday, May 06, 2012 8:57 AM
  • Nice,

    This worked for me on a SBS 2008 office where a single machines trust failed for absolutely no good reason.

    I guess we'll find out whether it is a temporary fix, likely.

    Tuesday, September 11, 2012 5:49 PM
  • Merhabalar,

    Problemin temel kaynağı olan (computer account password) makine hesabı şifresi ile problemli makinede kayıtlı şifrenin eşleşmemesidir. 

    Aktif dizin’de makine hesabı (computer account) şifresi varsayılan olarak 30 günde bir değiştirilir. Aynı kullanıcı hesaplarında olduğu logon esnasında hesabın bu 30 gün süreyi doldurup doldurmadığı kontrol edilir. Kullanıcılar için şifre değiştirme ekranı gelirken makine hesapları şifresi netlogon servisi tarafından otomatik olarak güncellenir. 30 gün süresi dolan ve aktif olamayan hesaplar, aktif olduğunda güncellenir. 


    Problemin temek kaynakları için birkaç örnek:

    1.Durum: Birden fazla DC'niz var ise ve bunlar arasında replikasyon sorunları var ise olabilir.

    2.Durum: Etki alanı (active directory) ‘de yaşanan bir problem sebebiyle yedekten dönme işlemi yapılmış olabilir.

    3.Durum: Makinenizde yaşanan bir problem sebebiyle yedekten dönme işlemi yapılmış olabilir.

    Her iki durumda da yedekten dönme zamanı, şifre değişim zamanına denk gelmiş olanlar makineler problemden etkilenecektir.

    4.Durum: DC üzeriden veya RSAT üzerinden makine hesabı resetlenmiş olabilir.




    Sorunu asagidaki komut ile giderebilirsiniz. Yalniz "netdom.exe" 'yi bilgisayarına ya RSAT kurarak yada asagidaki linkten download edebilirsin.  Netdom.exe sadece windows'un sunucu versiyonlarında yüklü olarak bulunur.


    netdom.exe resetpwd /s:[etkialani] /ud:[user] /pd:[password]

    [etkialan] = Etki alanı (active directory) adınız veya IP adresi Ör: “Test.com” veya “192.168.100.1″

    [user] = Etki alanı (active directory) yetkili bir kullanıcı. Ör: “sisyon” veya “Administrator”

    [password] = Kullanıcıya ait şifre. Ör: “Aa12345″ veya “*”


    Download netdom.exe and script: http://siberblog.org/wp-content/uploads/2012/10/netdom_trust_script.rar


    Ayrıntılı olarak incelemek istersen: http://siberblog.org/index.php/the-trust-relationship-between-this-domain-and-the-primary-domain-failed/


    Daha da ayrıntılı analiz etmek ve tüm dc üzerinde sorunlu makineleri tespit etmek istersen:
    http://siberblog.org/index.php/active-directory-analysis-the-trust-relationship-between-this-domain-and-the-primary-domain-failed/



    Tuesday, October 30, 2012 7:46 PM