Active Directory

Fix : Trust relationship between this workstation & domain failed

Last Updated: October 5, 2023
0 515

How to Fix the “Trust Relationship between This Workstation and the Primary Domain Failed” Error When You Log in to Windows 7

Trust relationship between this workstation & domain failed

The error “Trust relationship between this workstation and the primary domain failed” is one of the common errors in Windows system administration that occurs when you try to log in to a domain computer. This error can occur even after you enter valid domain credentials.

A user encounters this error when a channel is broken between the affected machine and the active directory. The reasons for this error can include problems with a user account, problems in the relationship between the client and domain controller server, and others. You can’t log in to any domain account when these problems occur. You’ll be able to log in only with a local account.

Symptoms or Errors

The “The trust relationship between this workstation and the primary domain failed” error appears when you attempt to log in to the domain. You are not able to log in with the domain credentials and access the resources. You may get stuck at the login prompt and be unable to log in to the computer with a domain credential.

Causes

Active Directory includes accounts for all domain-joined computers. The password associated with the Active Directory is renewed every month by default. Sometimes, the computer’s password becomes unsynchronized with the password in Active Directory. When the password doesn’t match, it displays the above error message, and you won’t be able to log in. 

The most common causes of this error are:

  1. When the computer’s password doesn’t match the password stored in the domain controller.
  2. Duplicate a computer or domain controller.
  3. The computer last connected to the domain a month ago.
  4. A new computer with the same name was added.
  5. The new domain-joined computer has the same name.
  6. The computer object is no longer in the active directory. 
  7. Replication issues between domain controllers

Why does this error occur?

The Workstation and the Primary Domain Trust Relationship Failure is one of the most irritating errors we see when working with Active Directory-joined devices. This error can occur when the computer is no longer trusted with the domain. This means the secure channel between the Active Directory and the workstation is missing. The passwords are not synchronized between the computer and the Active Directory. There could be more reasons for the occurrence of this error. 

How to Fix the Error

To resolve this issue, remove the affected machine from the domain and add it to the workgroup. 

then add it again to the domain. These are the steps to take:

  • Log in to the local administrator account on the affected computer.
  • Search for the Advanced System Setting and click on it.
  • Click on the computer name, and then the Change button.
  • Enter a name in the Workgroup section and click OK. A specific name doesn’t matter as it is temporary. 
  • Next, click OK on the dialogue boxes that appear.
  • Close the System Properties window. Then, reboot the computer.
  • At the logon prompt, log in to the same local administrative account. 
  •  Launch the System Properties window.
  • Again, click the change button in the computer name.
  • Enter the name of the Active Directory domain in the Domain section.
  • Enter the credentials of a domain user account that has permission to add. Click OK.
  • Click OK on the dialog boxes that appear.
  • Close the System Properties window and reboot the computer.
  • You can now log in to a domain account without an error.

Repair Trust Relationship without Rebooting

There is also a way to resolve the workstation and the primary domain trust relationship failure error without rebooting your computer. This method can be useful when you need to solve this on multiple computers. To proceed with this method, the computer object is required to be in the Active Directory.

  1. First, open the Active Directory Users and Computer
  2. Select Find it after right-clicking on your domain. 
  3. Change to Computers
  4. Search the computer’s name. 

If the computer object is present in the Active Directory, you can log in with a local administrator account. Next, run the PowerShell command given below. It will ask you to enter the domain password. 

Reset-ComputerMachinePassword -Server DomainServer -Credential 

DomainName\Administrator

This will reset the password and synchronize it with the Active Directory server. You’ll need to test if the Trust Relationship is restored or not. 

For this type “Test-ComputerSecureChannel” cmdlet.

If it returns “False”, you can resolve it with the following command. Again, it will ask you to enter a domain administrator password.

Test-ComputerSecureChannel -Repair -Credential DomainName\Administrator

You should be able to log in to your domain account again after running this command. Also, you don’t need to restart your computer during or after this process. 

Conclusion

In conclusion, the two methods provided above are the easiest solution for the error “’Trust Relationship between this Workstation & Domain Failed” on Windows 7. You can try either of the two troubleshooting to get rid of this error. Also, make sure to prevent the issue again by synchronizing time between the computer and domain controller and regularly changing the computer password. If you’re looking for a great website to learn about Active Directory and Windows server administration, feel free to visit us at WindowsTechno. Our courses are easy to follow, focusing on fundamental concepts explained in simple language.

FAQs

What does a computer-domain trust relationship mean?

A trust relationship between a computer and a domain means an administration and communication link between the computer and the domain. When a computer joins a domain, a trust relationship is created between them. This enables the computer to access the information and confirm user authentication. 

Can I prevent the “The trust relationship between this workstation and the primary domain failed” error in the future?

Yes, you can prevent this error in the future by making sure to connect the computer’s time and password with the domain controller. 

How can I avoid trust relationship issues?

You can avoid trust relationship issues by regularly changing computer passwords, synchronizing time between the computer and domain controller, and preventing the computer from being removed from the Active Directory.

Can a non-administrator account resolve the “The trust relationship between workstation and primary domain failed” error?

You need to log in with a local administration or domain account initially to solve this problem. You cannot solve this error with a non-administrator account. 

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo
Tags
Last Updated: October 5, 2023
0 515
Photo of Vipan Kumar

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno

Leave a Reply

Check Also
Close
Back to top button