Fix: The trust relationship between this workstation and the primary domain failed

When the error “The trust relationship between this workstation and the primary domain failed” appears, users are usually blocked from logging in with a domain account and see the message right after entering their login details. The error means the connection between the workstation and the domain controller is broken, typically because the workstation’s secure channel with the domain is disrupted.

The most common cause is that the computer’s account in the domain has gone out of sync, often because the machine account password stored on the local computer no longer matches the one in the domain’s Active Directory. Changes in network settings or problems with the domain controller can also cause this issue.

Here are several methods that can help in solving this error.

1. Check DHCP Configuration

Network issues between the workstation and the domain often result from incorrect settings. Properly configuring the DHCP server is crucial, as it provides the necessary IP address and DNS for connecting to the domain controller. Incorrect network details can break this connection and cause errors. Checking DHCP settings helps restore proper communication with the domain.

  1. Press Windows + R, type dhcpmgmt.msc, and hit Enter.
  2. Expand your server to appuals.com\IPv4\Scope. If your network is 192.168.1.0/24 but the scope is configured as 192.168.100.1/24, you need to change the DHCP configuration.
  3. Close the DHCP management console.

1.1. For a TP-Link router

  1. Open an Internet browser like Google Chrome, Mozilla Firefox, or Edge.
  2. Type the router IP address to access it.
  3. Under the Network tab, select LAN, then DHCP to inspect your DHCP settings. In this case, DHCP is enabled and set from 192.168.1.100 to 192.168.1.200, which is correct.
  4. Close the browser.
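
To confirm from the workstation itself that the DHCP-assigned address and DNS servers actually let it find a domain controller, a check like the following can be run in PowerShell. This is an added example, not part of the original article; the function name Test-DomainReachability is hypothetical, and appuals.com is the article's example domain.

```powershell
# Added example: verify that DHCP-assigned settings let this client locate a domain controller.
# Assumption: the AD domain is appuals.com (the article's example); pass -Domain for your own.
function Test-DomainReachability {
    param([string]$Domain = 'appuals.com')

    # 1. What did DHCP hand out? Show address, gateway and DNS servers for each connected adapter.
    $cfg = Get-NetIPConfiguration | Where-Object { $_.NetAdapter.Status -eq 'Up' }
    foreach ($c in $cfg) {
        [pscustomobject]@{
            Adapter = $c.InterfaceAlias
            IPv4    = $c.IPv4Address.IPAddress -join ', '
            Gateway = $c.IPv4DefaultGateway.NextHop -join ', '
            Dns     = $c.DNSServer.ServerAddresses -join ', '
        } | Format-List | Out-Host
    }

    # 2. Can those DNS servers resolve the domain controller locator (SRV) record?
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "No SRV record for $srvName; the client's DNS server does not know the AD zone."
        return $false
    }

    # 3. Is at least one advertised DC reachable on both LDAP (389) and Kerberos (88)?
    foreach ($dc in $srv) {
        $reachable = $true
        foreach ($port in 389, 88) {
            $t = Test-NetConnection -ComputerName $dc.NameTarget -Port $port -WarningAction SilentlyContinue
            "{0}:{1} reachable = {2}" -f $dc.NameTarget, $port, $t.TcpTestSucceeded | Out-Host
            if (-not $t.TcpTestSucceeded) { $reachable = $false }
        }
        if ($reachable) { return $true }
    }
    return $false
}

Test-DomainReachability -Domain 'appuals.com'
```

A result of False with a missing SRV record points at the DNS servers handed out by DHCP rather than at the machine account, so resetting the computer password would not help in that case.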

2. Rejoin a Computer to a Domain

Rejoining a computer to the domain can fix the trust relationship error by resetting the secure link with the domain controller. Removing and re-adding the machine creates a new computer account in Active Directory, which updates the computer’s credentials and builds a new trust connection, allowing the workstation to authenticate correctly with the domain controller.

  1. Log on to Windows 10 using a local Administrator account.
  2. Press the Windows key and press E to open File Explorer.
  3. Right-click This PC and choose Properties.
  4. Click Advanced System Settings.
  5. Select the Computer Name tab.
  6. Click Change to add the machine to the Workgroup.
  7. Choose Workgroup and type the name (e.g., WORKGROUP).
  8. Click OK.
  9. Enter the domain Administrator account and password, then click OK.
  10. Click OK and then OK again.
  11. Close System Properties.
  12. Restart your Windows machine.
  13. Log on to Windows 10 using the local Administrator account.
  14. Press the Windows key and press E to open File Explorer.
  15. Right-click This PC and choose Properties.
  16. Click Advanced System Settings.
  17. Select the Computer Name tab.
  18. Click Change to add the machine to the domain.
  19. Enter the domain (e.g., appuals.com).
  20. Click OK.
  21. Enter the domain Administrator account and password, and click OK.
  22. Click OK and then OK again.
  23. Close System Properties.
  24. Restart your Windows machine.
  25. Log on to Windows 10 using the domain user account.
  26. Enjoy working on your machine.

3. Reestablish Trust through PowerShell

Using PowerShell can efficiently fix the trust relationship error without removing the computer from the domain. The Test-ComputerSecureChannel command checks the secure channel, and the -Repair option fixes it. The steps below use the related Reset-ComputerMachinePassword command, which resets the computer’s machine account password with the domain controller. This method resets the connection with the domain controller quickly, saving time and reducing disruptions, which is why administrators prefer it.

  1. Log on to Windows 10 using a local Administrator account.
  2. Click the Start menu and type PowerShell.
  3. Right-click PowerShell and choose Run as Administrator.
  4. Press Yes to confirm.
  5. Type $credential = Get-Credential and press Enter.
  6. Enter the domain admin account and password, then click OK.
  7. Type Reset-ComputerMachinePassword -Credential $credential and press Enter.
  8. Close PowerShell.
  9. Restart your Windows machine.
  10. Log on to Windows 10 using the domain user account.
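
The check-then-repair sequence this section describes, written out as an added example that is not from the original article. It assumes Windows PowerShell 5.1 running elevated under a local Administrator account; DC01.appuals.com is a placeholder domain controller name.

```powershell
# Added example: diagnose and repair the machine's secure channel without rejoining the domain.
# Assumptions: Windows PowerShell 5.1, elevated; 'DC01.appuals.com' is a placeholder DC name.
$dc = 'DC01.appuals.com'

# Confirm the machine is still domain-joined; if it is not, a rejoin (method 2) is needed instead.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "This computer is not joined to a domain (workgroup: $($cs.Workgroup))."
}

# Test-ComputerSecureChannel returns $true when the secure channel to the domain is healthy.
if (Test-ComputerSecureChannel -Server $dc -Verbose) {
    Write-Host "Secure channel to $($cs.Domain) is healthy; nothing to repair."
    return
}

# Prompt for a domain account allowed to reset this computer's password.
# Get-Credential keeps the password out of the command line and console history.
$credential = Get-Credential -Message "Domain account with rights to reset $env:COMPUTERNAME"

# First attempt: repair the existing channel in place.
$repaired = Test-ComputerSecureChannel -Repair -Server $dc -Credential $credential
if (-not $repaired) {
    # Fallback used in the article's steps: set a new machine account password on the DC.
    Reset-ComputerMachinePassword -Server $dc -Credential $credential
    $repaired = Test-ComputerSecureChannel -Server $dc
}

if ($repaired) {
    Write-Host "Trust restored. Restart and sign in with a domain account."
} else {
    Write-Warning "Repair failed. Check DNS and time sync, or rejoin the domain."
}
```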

4. Add Domain Controller to Credential Manager

Adding the Domain Controller to the Credential Manager lets the system store the right login details for connecting to the domain controller. This ensures the computer has the needed login info saved, helping to fix trust issues and prevent login problems. It makes communication with the domain more reliable.

  1. Log on to Windows 10 using a local Administrator account.
  2. Hold the Windows logo key and press R.
  3. Type control.exe /name Microsoft.CredentialManager and press Enter to open Credential Manager.
  4. Select Windows Credentials.
  5. Enter the website or network location address and your credentials.
  6. Click OK.
  7. Close Credential Manager.
  8. Restart your Windows machine.
  9. Log on to Windows 10 using the domain user account.

5. Use Netdom.exe to Reset a Machine Account Password

You can reset the computer’s account password using the Netdom.exe tool. This action re-establishes a secure connection between the workstation and the domain by updating the credentials in Active Directory. It resolves the mismatch causing the trust problem without needing to rejoin the domain, making it a straightforward and efficient solution.

  1. Log on to the Windows Server using a domain Administrator account.
  2. Hold the Windows logo key and press R.
  3. Type cmd and press Enter to open the Command Prompt.
  4. Type netdom resetpwd /s:server /ud:domain\User /pd:* and press Enter, where s is the domain server name, domain is the domain name, and User is the account that cannot connect to the domain controller.
  5. Close the Command Prompt.
  6. Switch to the Windows client machine.
  7. Restart the Windows machine.
  8. Log on using a domain user account.
  9. Enjoy working on your machine.

6. Reset Computer Account

To restore the relationship between your computer and the domain, you can reset the computer account. This action refreshes the connection between your computer and the network domain, clearing outdated details and fixing mismatches. It helps your computer connect correctly to the network again without needing to disconnect and reconnect fully, saving time and effort.

  1. Hold the Windows logo key and press R.
  2. Type dsa.msc and press Enter to open Active Directory Users and Computers.
  3. Expand the domain name; for example, appuals.com.
  4. Select Computers.
  5. Locate the computer account that cannot connect to the domain, such as Jasmin.
  6. Right-click the computer (Jasmin) and choose Reset Account.
  7. Click Yes to confirm the account reset.
  8. Click OK.
  9. Close Active Directory Users and Computers.
  10. Restart the Windows 10 machine.
  11. Log on with your domain user account.
  12. Enjoy working on your Windows machine.

7. Perform a System Restore

If other solutions don’t work, try using System Restore as a last option to fix the trust relationship issue. This method can take your system back to an earlier state, undoing recent changes that might have broken the secure link between your computer and the domain. It won’t affect personal files but will restore system settings, potentially fixing the error and re-establishing the trust relationship.

Learn how to perform a System Restore.

ABOUT THE AUTHOR

Jasmin Kahriman


Jasmin is a tech-savvy Systems Engineer with over 15 years of experience in IT infrastructure, holding multiple IT certifications including CNIP, MTA, MCP, MCSA, MCT, Server+, and Network+.