The trust relationship between this workstation and the primary domain failed

ISSUE

After restoring a server that was previously joined to an Active Directory (AD) domain, using Bare Metal Recovery, Instant Recovery, or any other method, you encounter the following error when attempting to log in with domain credentials:

"The trust relationship between this workstation and the primary domain failed."

CAUSE

The most common reason for this error is a mismatch in the computer account password between the restored system and Active Directory. This typically occurs if the password was changed after the last backup was taken.

However, several other conditions can also cause trust relationship errors, including but not limited to the following:

  • System time differs from the domain controller by more than 5 minutes
  • The domain controller is not a Global Catalog server
  • The computer account was deleted from AD
  • DNS is not properly configured to point to AD-integrated DNS servers

RESOLUTION

1. Log in with Local Administrator Credentials

  • If local admin access is available, log in normally.
  • If not, disconnect the network adapter so that Windows uses cached credentials, then reconnect once logged in.

2. Sync System Time

Ensure the system date and time are in sync with the domain controller. A time difference greater than 5 minutes can cause authentication issues.

3. Reset the Computer Account Password

Open a Command Prompt or PowerShell window as Administrator and run one of the following commands:

Option A: Using PowerShell

Reset-ComputerMachinePassword -Server "<DomainController>" -Credential "Domain01\Admin01"
  • -Server: Name of the domain controller to contact
  • -Credential: Domain user in domain\user format. You will be prompted for a password.

Option B: Using Command Prompt

netdom resetpwd /s:<DomainController> /ud:<Domain\User> /pd:*
  • /s: Name of the domain controller
  • /ud: Domain user account in domain\user format
  • /pd:*: Prompts for password

4. Reboot

After the password is reset, reboot the system.
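
A pre-check for steps 2 and 3, as an added example that is not part of the original article: it tests the DNS and time causes listed under CAUSE and the secure channel itself, and resets the computer account password only when those checks pass. The parameter names and sample host names are assumptions; it uses Test-ComputerSecureChannel, Resolve-DnsName and w32tm, which the article does not mention, and requires Windows PowerShell 5.1.

```powershell
#Requires -RunAsAdministrator
# Added example; run in Windows PowerShell 5.1 from a local administrator session.
param(
    [Parameter(Mandatory)] [string] $DomainController,  # placeholder, e.g. dc01.corp.example
    [Parameter(Mandatory)] [string] $DomainName,        # placeholder, e.g. corp.example
    [int] $MaxSkewSeconds = 300,                        # the 5-minute limit from step 2
    [switch] $Reset                                     # without this, only report
)

$problems = @()

# DNS: the client must be able to find the domain's DC locator SRV records.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    $problems += "DNS cannot resolve DC locator records for $DomainName"
}

# Time: take one offset sample against the DC and compare it with the limit.
$sample = & w32tm.exe /stripchart "/computer:$DomainController" /samples:1 /dataonly 2>&1 | Out-String
if ($sample -match '([+-]\d+\.\d+)s') {
    $skew = [math]::Abs([double]::Parse($Matches[1], [cultureinfo]::InvariantCulture))
    if ($skew -gt $MaxSkewSeconds) {
        $problems += "Clock differs from $DomainController by $([math]::Round($skew)) seconds"
    }
} else {
    $problems += "Could not read a time offset from $DomainController"
}

# Secure channel: $true means the machine account password still matches AD.
$trusted = Test-ComputerSecureChannel -Server $DomainController

if ($trusted) {
    Write-Output 'Secure channel is healthy; no reset needed.'
} elseif ($problems) {
    Write-Warning 'Fix these before resetting the computer account password:'
    $problems | ForEach-Object { Write-Warning " - $_" }
} elseif ($Reset) {
    # Prompts for a domain account, as in Option A.
    Reset-ComputerMachinePassword -Server $DomainController -Credential (Get-Credential)
    Write-Output 'Password reset. Reboot the system to complete the repair.'
} else {
    Write-Output 'Secure channel is broken and prerequisites pass. Re-run with -Reset.'
}
```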

REFERENCES

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword

https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/use-netdom-reset-domain-controller-password

 
