61 thoughts on “Fix: The trust relationship between this workstation and the primary domain failed

  1. Absolutely spot on. my dev sp2010 running under win2008R2 became accessible by domain admin . As aside, the snapshot hierarchy seems very brittle in win8 hyper-v/

  2. Nothing above worked for me…but I figured it out the hard way…hope this helps others

    1/Turn Off Wifi
    2/Plug in a ethernet cable to the router/hub directly connecting the PC/laptop
    3/take the pc out of the domain and put is a temp workgroup then Restart.
    4/login with local admin, put the PC into the domain, then restart.
    5/login with a domain user or domain admin.

    Next time you shall never have a problem…

    The Wificard/Driver for 64 bit machines is the culprit.

    1. Done twice, but error pops up again after a day or so. current workaround is to login without any network connectivity and after logged in then connect network cable or switch on wifi.

    2. Excuse me Mr. Einstein… but your discovery which you devised all by yourself IS actually mentioned by the author, who went on to say (and I agree) that it was a bit too risky. I find it hard to believe that his solution would not work for you when your ingenious solution did. So I hypothesise that you completed his steps using your Wifi card, which you found later on to be the cause of your issue. By the way, there’s no requirement to disconnect Wifi and connect via wired to rejoin a domain. It’s only because in your case, your WIfi card driver was failing to function properly in 64-bit mode.

      Here’s the evidence (end of 2nd paragraph):

      “The easiest or at least the quickest solution, is to have the server leave the domain by adding it to a workgroup, then joining it back to the domain again. But, this can sometimes be a bit risky…”

  3. If you change the password part to be /PasswordD:\* It will prompt you to enter your password, and it will not be shown in the CMD box.

  4. “Then use the local server administrator account to logon to the server. (…), so I type the Servername, Backslash, Local Admin and hit Enter.”

    It’s way easier if you write “.” (dot) instead of typing the full local host name ie. .\Administrator.

  5. The asterix for the password command is slightly wrong – it should be “/PasswordD:*” (i.e., no backslash before the asterix)

  6. I had this trouble in a clients office this morning, It was a simple fix. Disconnect workstation from the network, log in as normal, run system restore, reconnect network, reboot. Done. Might have just been lucky but it worked.

  7. Fantastic approach to reset the password without disjoining and rejoining the server/client to domain. I applied the above fix in one of my T1 servers which shows the same error because of snaphot restoreation. It really worked !!!!! Thank you a lot for blogging this article.

  8. Dude, you rock! I reverted to a four day old VM snapshot and the trust was already gone. The powershell step did not work because if the failed trust, BUT the “netdom” command was solid! Mucho gracias mi amigo!

  9. Thomas, Thank You for a well documented and workable solution. Just tired it and it worked great. Keep up the good work.

  10. Monday morning 7 am… no connection to our terminal server. Booom:”The trust relationship between this…” thanks to you it only took me 5min to solve this! You are THE MAN!!! 🙂

  11. Ok unplug the network cable log on with your id. Server 2008r2 will let you log in. Now drop the server from the domain, enter the user ID with rights to take it out or add it back to the domain. Reboot as required. Plug the network cable back in and log on as administrator, add it back to the domain, again with a domain admin ID reboot and you back on the domain. I just did this today.

  12. This totally saved me. The Hyper-V server, if disconnected from the domain, acted like it couldn’t see the DNS server in order to reconnect. After about 6 hours of using snapshots, trying to disconnect/reconnect to the domain, I was ready to restore the working configuration from an imaged backup. I don’t know how I finally stumbled upon your guide, but I’m very happy I did.
    Also, if it helps anyone out; I was able to recover having deleted the Computer Object from ADUC with the free Object Restore utility from Quest (http://www.quest.com/object-restore-for-active-directory/). Not having enabled AD Recycle Bin, this saved me from having to boot to DSRM to restore my Active Directory db.

  13. Yeah this works using netdom for W2008 R2 , make sure you are typing /UserD and /PasswordD . there is a “D” at the end
    Simple Typo mistake

  14. Great article! Solved the problem for me more than once by doing this! I hate rebuilding user profiles after a disjoin / rejoin… it is never fun.

    One thing I noticed that may or may not be just my interpretation:

    Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a PowerShell CMDlet called Reset-ComputerMachinePassword. Type in the following command:

    Reset-ComputerMachinePassword -Server -Credential

    Could be interpreted as having to run the above powershell command on both the domain controller (or PDC if only one DC) and the local server / workstation.

  15. You are Da’ Man!! You just fixed a problem I had for days. Thanks partner. You got me out of a major jam.

  16. Thanks so much, I converted a Citrix Machine to Virtual and this was not letting me log in! Your solution got me in. I used the netdom command.

  17. This is definitely the easiest / lowest risk approach to fixing these errors that I have ever seen. Great post!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s