
Fix: The trust relationship between this workstation and the primary domain failed

There are two ways to manage client and server machines in a home or business environment: workgroup and domain infrastructure. A workgroup is a decentralized network infrastructure used for home and small business networks of up to 10 machines. A workgroup does not require a dedicated server for managing machines, and every machine has its own user accounts. A domain, on the other hand, is a centralized network infrastructure which supports thousands of machines. To implement a domain infrastructure, you need to purchase at least one server which will run Active Directory Domain Services (AD DS) and Domain Name System (DNS). After you implement AD DS and DNS, you need to join all machines in the network to your domain and create a domain user account for every user. From then on, users log on with their domain user account and not a local user account. A domain infrastructure has many benefits, including centralized and simplified management, fault tolerance, one user account for many services, and others. Some users have encountered a problem when logging on to the domain, including the error: The trust relationship between this workstation and the primary domain failed.
This issue occurs on client and server operating systems, from Windows XP to Windows 10 and from Windows Server 2003 to Windows Server 2016. There are different reasons why this issue occurs, including a problem with the user account, a problem with the relationship between the client and the domain server, and others. For this article, I created the domain infrastructure appuals.com on Windows Server 2008 R2 and Windows Server 2016.

There are seven methods which will help you to solve this issue.

Method 1: Check DHCP configuration

Did you add a new DHCP server or reconfigure your current DHCP pool? If not, please read the next method. If yes, please continue reading this method. There are two ways to assign IP addresses to hosts in your computer network: static and dynamic addressing. Static addressing means manually assigning IP addresses to your machines, which consumes much more time and decreases the productivity of the IT administrator. We recommend dynamic addressing using DHCP (Dynamic Host Configuration Protocol). Best practice is static addressing for servers, storage and network printers, and dynamic addressing for the other hosts in the network. Some users encountered the problem after they added another DHCP server to the current network. The problem was a wrong DHCP pool for hosts in the network. Based on that, we recommend checking that DHCP is working properly and that you are using the right network subnet. We will show you how to check DHCP on Windows Server 2016 and on the TP-Link TL-ER6120 router. Imagine that the right network is a class C network, 192.168.1.0/24. So, let's start.
  1. Hold Windows logo and press R
  2. Type dhcpmgmt.msc and press Enter to open DHCP Management tool
  3. Expand your server as follows: appuals.com\IPv4\Scope. As you can see, this DHCP scope is not configured properly. Our network is 192.168.1.0/24, and the configured network is 192.168.100.1/24. In that case, you will need to change the DHCP configuration.
  4. Close the DHCP Management tool
In the second example, we will show you how to check the DHCP configuration on a TP-Link router. If you do not know how to access your router, please read the technical documentation of your router.
  1. Open an Internet browser (Google Chrome, Mozilla Firefox, Edge or other)
  2. Type the router IP address to access the router
  3. Under the Network tab choose LAN, and then DHCP to check your DHCP configuration. In our example, DHCP is enabled and configured as follows: 192.168.1.100 – 192.168.1.200, which is OK.
  4. Close Edge
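
The same check can be scripted. The following is an added example, not part of the original article: it compares the addresses a client received from DHCP, and the scopes defined on a Windows DHCP server, against the expected network from this article (192.168.1.0/24). The function names ConvertTo-IPv4Number and Test-IPv4InSubnet are hypothetical helpers written for this example.

```powershell
# Added example, not from the original article.
# Expected network taken from the article's scenario; change it for your site.
$ExpectedNetwork = '192.168.1.0'
$ExpectedPrefix  = 24

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    # 64-bit arithmetic so addresses above 127.255.255.255 do not overflow Int32.
    ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-IPv4InSubnet {
    param([string]$Address, [string]$Network, [ValidateRange(0, 32)][int]$PrefixLength)
    # Build the 32-bit netmask from the prefix length, then compare the network parts.
    $mask = (4294967295 -shl (32 - $PrefixLength)) -band 4294967295
    ((ConvertTo-IPv4Number $Address) -band $mask) -eq ((ConvertTo-IPv4Number $Network) -band $mask)
}

# Client side: every address handed out by DHCP should sit inside the expected network.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -eq 'Dhcp' } |
    ForEach-Object {
        [pscustomobject]@{
            Interface        = $_.InterfaceAlias
            Address          = '{0}/{1}' -f $_.IPAddress, $_.PrefixLength
            InExpectedSubnet = Test-IPv4InSubnet $_.IPAddress $ExpectedNetwork $ExpectedPrefix
        }
    }

# Server side (needs the DhcpServer module, on the DHCP server or an RSAT machine):
# a scope such as 192.168.100.0 is reported as outside the expected network.
if (Get-Command Get-DhcpServerv4Scope -ErrorAction SilentlyContinue) {
    Get-DhcpServerv4Scope | ForEach-Object {
        [pscustomobject]@{
            Scope            = "$($_.ScopeId)"
            Range            = "$($_.StartRange) - $($_.EndRange)"
            State            = $_.State
            InExpectedSubnet = Test-IPv4InSubnet "$($_.ScopeId)" $ExpectedNetwork $ExpectedPrefix
        }
    }
}
```

A client row with InExpectedSubnet set to False means the lease came from a DHCP server or pool that does not match the domain network, which is the situation described in this method.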

Method 2: Rejoin the Computer to the Domain

In this method, you will need to rejoin your client machine to the domain. For this action, you need to use a Domain Administrator account which has permission to make changes such as joining a machine to the domain or rejoining it. We will show you how to rejoin Windows 10 Pro to a domain running on Windows Server 2016 Standard. The same procedure is compatible with other client and server operating systems, including client operating systems from Windows XP to Windows 8 and server operating systems from Windows Server 2003 to Windows Server 2012 R2.
  1. Log on Windows 10 using local Administrator account
  2. Hold Windows logo and press E to open File Explorer
  3. On the right side of the File Explorer right click on This PC and choose Properties
  4. Click Advanced System Settings
  5. Choose Computer Name tab
  6. Click Change to add machine to Workgroup
  7. Choose Workgroup and type the workgroup name. In our example, the workgroup name is WORKGROUP. You can type whatever you want.
  8. Click OK
  9. Type domain Administrator account and password and then click OK
  10. Click OK and then OK
  11. Close System Properties
  12. Restart your Windows machine
  13. Log on Windows 10 using local Administrator account
  14. Hold Windows logo and press E to open File Explorer
  15. On the right side of the File Explorer right click on This PC and choose Properties
  16. Click Advanced System Settings
  17. Choose Computer Name tab
  18. Click Change to add machine to domain
  19. Choose Domain and type the domain name. In our example, it is appuals.com.
  20. Click OK
  21. Type domain Administrator account and password and then click OK
  22. Click OK and then OK
  23. Close System Properties
  24. Restart your Windows machine
  25. Log on Windows 10 using domain user account
  26. Enjoy working on your machine

Method 3: Reestablish trust through PowerShell

In this method, we will reestablish trust between the domain controller and client using PowerShell. You will need to log on using a local Administrator account.
  1. Log on Windows 10 using local Administrator account
  2. Click on Start menu and type PowerShell
  3. Right click on PowerShell and choose Run as Administrator
  4. Press Yes to confirm running as Administrator
  5. Type $credential = Get-Credential and press Enter
  6. Enter the domain admin account and password and then click OK
  7. Type Reset-ComputerMachinePassword -Credential $credential and press Enter
  8. Close PowerShell
  9. Restart your Windows machine
  10. Log on Windows 10 using domain user account
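
An added example, not part of the original article: the same reset wrapped in a check, so the machine account password is only reset when Test-ComputerSecureChannel reports a broken channel, and the result is verified afterwards. Repair-DomainTrust and its -Server parameter are hypothetical names chosen here; the script assumes Windows PowerShell 5.1 running elevated on the affected client.

```powershell
# Added example, not from the original article. Repair-DomainTrust is a hypothetical name.
# Run in an elevated Windows PowerShell 5.1 session on the affected, domain-joined client.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Optional: a specific domain controller to use (assumption; omit to let Windows pick one).
        [string]$Server
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$env:COMPUTERNAME is in workgroup '$($cs.Workgroup)', not a domain. Use the rejoin method instead."
    }

    $target = @{}
    if ($Server) { $target.Server = $Server }

    # $true means the locally stored machine account password still matches the one in AD.
    if (Test-ComputerSecureChannel @target) {
        Write-Output "Secure channel to $($cs.Domain) is healthy; nothing to reset."
        return
    }

    # Prompt for the domain account so the password never appears on the command line.
    $credential = Get-Credential -Message "Domain account allowed to reset $env:COMPUTERNAME"
    Reset-ComputerMachinePassword @target -Credential $credential -ErrorAction Stop

    if (Test-ComputerSecureChannel @target) {
        Write-Output "Secure channel repaired. Restart, then log on with a domain user account."
    } else {
        Write-Warning "Reset completed but the secure channel still fails; check DNS/DHCP and the computer account in AD."
    }
}

Repair-DomainTrust
```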

Method 4: Add domain controller to Credential Manager

In this method, you will use Credential Manager to add the domain controller's account to Windows Credentials. We will show you how to do it on Windows 10.
  1. Log on Windows 10 using local Administrator account
  2. Hold Windows logo and press R
  3. Type control.exe /name Microsoft.CredentialManager and press Enter to open Credential Manager
  4. Choose Windows Credentials
  5. Type the address of the website or network location and your credentials
  6. Click OK
  7. Close Credential Manager
  8. Restart your Windows machine
  9. Log on Windows 10 using domain user account

Method 5: Use Netdom.exe to Reset a Machine Account Password

This method is compatible with Windows Server 2003 and Windows Server 2008 R2. If you are using a newer version of the server operating system, please read the next method. We will show you how to reset a machine account password on Windows Server 2008 R2.
  1. Log on Windows Server using domain Administrator account
  2. Hold Windows logo and press R
  3. Type cmd and press Enter to open Command Prompt
  4. Type netdom resetpwd /s:server /ud:domain\User /pd:* and press Enter, where server is the name of the domain server, domain is the domain name and User is the user account which cannot connect to the domain controller
  5. Close Command Prompt
  6. Move to Windows client machine
  7. Restart Windows machine
  8. Log on Windows machine using domain user account
  9. Enjoy working on your machine

Method 6: Reset Computer Account

In this method, you will need to reset the computer account using the Active Directory Users and Computers tool, which is integrated into servers with the Active Directory Domain Services role. The procedure is simple and compatible with server operating systems from Windows Server 2003 to Windows Server 2016.
  1. Hold Windows logo and press R
  2. Type dsa.msc and press Enter to open Active Directory Users and Computers
  3. Expand the domain name. In our example, it is appuals.com
  4. Choose Computers
  5. Navigate to the computer account which cannot connect to the domain. In our example, it is the computer Jasmin
  6. Right click on computer (Jasmin) and choose Reset Account
  7. Click Yes to confirm resetting computer account
  8. Click OK
  9. Close Active Directory Users and Computers
  10. Restart Windows 10 machine
  11. Log on to your domain user account
  12. Enjoy working on Windows machine

Method 7: Perform a System Restore

We have written about System Restore many times because it has helped us so often in troubleshooting issues with the system or applications. System Restore can also help you solve this issue by reverting your system to a previous state when everything worked properly. Please note that you cannot restore your Windows machine to a previous state if System Restore is turned off. Please read how to perform a System Restore.
