Trust Relationship Failed

If you’ve ever worked in IT, you’ve probably seen at least one “The trust relationship between this workstation and the primary domain failed” error. Basically this means the secret that the workstation and Active Directory share for their secure channel (the computer account password) no longer matches on both sides, so it needs to be reset. The usual way to do this was to disjoin or unjoin from the domain, and then join the domain once again. For remote users this posed another problem, as the remote user must have local admin privileges AND a connection to the business network (usually a VPN). With the advent of SSL VPNs that do not have a client that can load before Windows/Linux/Mac OS starts, the user MUST log in prior to connecting and therefore will not receive many of the GPO installation benefits associated with being on a domain. Needless to say, it was a PITA.

So I found an article by Dan Peterson (thanks, Dan) that lays out a “better fix” than rejoining the domain. And I agree; it is a better fix.

Install Netdom.exe on your computer. I use Windows 7, so here’s how I did it:

Install Remote Server Administration Tools (RSAT): http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
Open Programs and Features
Click Turn Windows Features On or Off
Expand Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools
Check AD DS Tools and click OK

Then run Netdom to reset the computer account password (the /pd:* switch makes it prompt for the password instead of taking it on the command line):
netdom.exe resetpwd /s:DOMAINSERVER /ud:DOMAINADMINACCOUNT /pd:*

So in my case it was:
netdom.exe resetpwd /s:dc1.domain.tld /ud:domain.tld\administrator /pd:*

It then asks for the password for your domain admin account. Enter it. When it finishes, reboot the machine and away you go.
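The same repair done with the built-in Windows PowerShell cmdlets instead of netdom.exe, as an added example that is not from the original post. It assumes Windows PowerShell 3.0 or later, an elevated local-administrator session on the affected workstation with the domain controller reachable (over the VPN for remote users), and uses the post's sample values dc1.domain.tld and domain.tld\administrator as placeholders.

```powershell
# Added example, not the original post's netdom.exe command.
# Run elevated, logged on with a LOCAL administrator account (domain logon
# fails while the trust is broken), with the DC reachable over the network/VPN.
param(
    [string]$DomainController = 'dc1.domain.tld',            # placeholder from the post
    [string]$AdminAccount     = 'domain.tld\administrator'   # placeholder from the post
)

# 1. Confirm the secure channel is actually broken before touching anything.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Host "Secure channel to $DomainController is healthy; nothing to reset."
    return
}

# 2. Prompt for the domain admin password. This is the equivalent of netdom's
#    /pd:* switch: the password never appears on the command line or in history.
$cred = Get-Credential -UserName $AdminAccount `
        -Message 'Account allowed to reset this computer account password'

# 3. Reset the computer account password on the DC and locally in one step
#    (the cmdlet counterpart of "netdom resetpwd").
Reset-ComputerMachinePassword -Server $DomainController -Credential $cred

# 4. Re-test. If the reset alone did not bring the channel back, -Repair
#    re-establishes it using the same credential.
if (-not (Test-ComputerSecureChannel -Server $DomainController)) {
    Test-ComputerSecureChannel -Server $DomainController -Credential $cred -Repair | Out-Null
}

# 5. Report the final state; a reboot is still needed to complete the fix.
if (Test-ComputerSecureChannel -Server $DomainController) {
    Write-Host 'Secure channel re-established. Reboot the machine to finish.'
} else {
    Write-Warning "Secure channel still broken: check DNS/VPN reachability of $DomainController and the account's rights on the computer object."
}
```

Test-ComputerSecureChannel returns $true or $false, so the script is safe to run first as a pure check on a machine you only suspect is affected.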
