The trust relationship between this workstation and the primary domain failed

  • The trust relationship between this workstation and the primary domain failed

    Hi, there!!
    Recently I've faced the "The trust relationship between this workstation and the primary domain failed" error after using System Restore on one of the Windows 7 domain member machines:

    For one or two domain member machines it's not a hard issue. But we've noticed it happens again and again once a user has used System Restore or an old system image has been restored on a particular machine. Actually, in my case this issue is related to the machine account password... The machine account password change is initiated by the computer every 30 days by default. Since Windows 2000, all versions of Windows have the same value.

    When I encountered this issue, I had to go to the “Active Directory Users and Computers” console, find the computer object, reset the computer account, log in with the local administrator account on the system, join a workgroup, reboot, log in again with the administrator account and join the system back to the domain. All these steps could take up to 30 minutes... so I searched the web for a more efficient method. The solution for this issue was found here: http://www.networknet.nl/apps/wp/archives/1938. Since it took some time for me, I've decided to share my experience here; maybe it will be useful for somebody else...

    Back in the old days there was the netdom.exe command line utility, which has an option to reset the machine account password on the domain controller. Out of the box, the netdom.exe tool is not available on Windows 7. There are two options to get the netdom.exe command line utility working on Windows 7:

    1) Log on as local admin, install Remote Server Administration Tools (http://www.microsoft.com/en-us/downl...s.aspx?id=7887), and enable netdom by running the following command:
    Code:
     
    start /w pkgmgr /iu:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns;RemoteServerAdministrationTools-Roles-AD-DS;RemoteServerAdministrationTools-Roles-AD;RemoteServerAdministrationTools-Roles;RemoteServerAdministrationTools
    Reset the machine account password by running the following command from an elevated cmd session:
    Code:
     
    netdom.exe resetpwd /server:<servername> /userD:<username> /passwordD:*
    Where:
    <servername> - domain server. It can be found by running the following command on a different domain member machine:
    Code:
     
    echo %LOGONSERVER%
    <username> - user name of a domain member user with administrative rights on the affected machine.
    You'll be asked for the user's password; reboot the machine and log on as usual.

    2) Log on to the affected machine as local admin. Download and unpack the following archive: https://mega.co.nz/#!Jp01zSqJ!xpXY0o...rHVdSbYI_Oxlso, run NetDom.Install.cmd with elevated privileges (works on both 32- and 64-bit OS).
    Reset the machine account password by running the following command from an elevated cmd session:
    Code:
     
    netdom.exe resetpwd /server:<servername> /userD:<username> /passwordD:*
    You'll be asked for the user's password; reboot the machine and log on as usual.
    Enjoy!

  • #2
    Re: The trust relationship between this workstation and the primary domain failed

    To save installing the RSAT tools, you can extract netdom.exe from one machine and copy it to others.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    • #3
      Re: The trust relationship between this workstation and the primary domain failed

      Originally posted by Ossian
      To save installing the RSAT tools, you can extract netdom.exe from one machine and copy it to others.
      Here it is:
      2) Log on to the affected machine as local admin. Download and unpack the following archive: https://mega.co.nz/#!Jp01zSqJ!xpXY0o...rHVdSbYI_Oxlso, run NetDom.Install.cmd with elevated privileges (works on both 32- and 64-bit OS).
      Reset the machine account password by running the following command from an elevated cmd session:
      Code:
       
      netdom.exe resetpwd /server:<servername> /userD:<username> /passwordD:*
      You'll be asked for the user's password; reboot the machine and log on as usual.
      Enjoy!

      • #4
        Re: The trust relationship between this workstation and the primary domain failed

        Or you could change the 30 day Default on the password age.

        MaximumPasswordAge determines when the computer password needs to be changed.
        Key = HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
        Value = MaximumPasswordAge REG_DWORD
        Default = 30
        Range = 1 to 1,000,000 (in days)
        Group policy setting:
        Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

        I haven't looked for a GPO solution but there should be one. The other option is to change the setting BEFORE you deploy your Windows 7 image.

        It may be worth considering since you appear to frequently spend time to reset the password manually and this should eliminate that job and associated machine downtime.
        Last edited by biggles77; 12th July 2014, 23:29. Reason: Change incorrect info
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2
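
The following PowerShell script is an added example, not code from any poster in this thread. Run on a still-working domain member before a restore, it compares the machine account's pwdLastSet in Active Directory with each local restore point and flags the restore points taken before the last machine password change, which is the situation the first post describes; the function names are made up for this example, and it assumes an elevated session under a domain account.

```powershell
# Added example; function names are hypothetical. Assumes an elevated PowerShell 2.0+
# session on a working domain member, logged on with a domain account.

function Get-MachinePasswordLastSet {
    # Read pwdLastSet of this computer's own account from Active Directory.
    $filter = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('pwdlastset')
    $result = $searcher.FindOne()
    if (-not $result) { throw "No computer account found for $env:COMPUTERNAME" }
    [datetime]::FromFileTime([int64]$result.Properties['pwdlastset'][0])
}

function Get-MaximumPasswordAge {
    # MaximumPasswordAge from post #4; use the 30-day default when the value is absent.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MaximumPasswordAge
    if ($null -eq $value) { 30 } else { [int]$value }
}

function Test-RestorePointPredatesPassword {
    param([datetime]$RestorePointTime, [datetime]$PasswordLastSet)
    # True when the restore point was taken before the last machine password change.
    $RestorePointTime -lt $PasswordLastSet
}

$lastSet = Get-MachinePasswordLastSet
$maxAge  = Get-MaximumPasswordAge
"Machine account password last set : $lastSet"
"Next change due (MaximumPasswordAge = $maxAge days): $($lastSet.AddDays($maxAge))"

# List local restore points and mark those that hold an older machine password.
Get-ComputerRestorePoint | ForEach-Object {
    $created = $_.ConvertToDateTime($_.CreationTime)
    New-Object PSObject -Property @{
        SequenceNumber   = $_.SequenceNumber
        Created          = $created
        Description      = $_.Description
        PredatesPassword = (Test-RestorePointPredatesPassword $created $lastSet)
    }
} | Sort-Object Created |
    Format-Table SequenceNumber, Created, PredatesPassword, Description -AutoSize
```

Restore points shown with PredatesPassword = True are the ones after which the netdom resetpwd step from the first post is likely to be needed.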
