How to fix AD Computer trust error and how to solve them in multiple ways.

In this article We see about Trust relationship  between this workstation and the primary domain failed.
For Example, user is trying to login in workstation System. Enter the User Name and password.
1In database on the server does not Have  computer account for workstation trust relationship.
2Let’s see How to fix the issue in multiple ways.
In this method, you will see When user login to workstation error display appearing.
Now check User password has been valid or not.
The computer account password is valid for 30 days (by default) and then automatically changes. It is important to understand that the change of password initiated by computer is defined by Domain policies. This is similar to the changing user password process.
You can configure maximum account password age for domain computers by using GPO Domain member: Maximum machine account password age.
Open GPO editor click- Computer Configuration- Windows Settings- Security Settings- Local Policies- Security Options.
3Right Click- Domain member: Maximum machine account password age and click properties
And set the specify number of days between 0 and 999 (by default it is 30 days) and click OK.
4Using Netdom resetpwd to Fix Trust Relationship Failed
To use it, login to the target system with Local administrator (!!!) credentials (by typing, “.\Administrator” to the logon window) and run following command:
Netdom resetpwd /Server:DomainController /UserD:Administrator /PasswordD:Password
5Reset-ComputerMachinePassword using PowerShell
If you want to restore a trust relationship as a local Administrator, run PowerShell console and execute this command:
Reset-ComputerMachinePassword -Server DomainController -Credential Domain\Adminisatrator
Enter the password click OK.
6In this method, you will see Cmdlet does not display any messages on success, so just change the account, no reboot required.
using Powershell cmdlet Test-ComputerSecureChannel:
Test-ComputerSecureChannel -Repair -Credential corp\vetrivel
secured channel has been successfully reestablished using following command:
nltest /sc_verify:corp.windowstechpro.com
7Reset User Account by using dsa.msc
Enter Server manager click Tools- Active Directory Users and computers
8Expand Domain Name Example: (windowstechpro.com)-Computers-Right click Computer Name-  Reset Account.
9Click yes to reset this computer account
10Click OK.
11Restart Windows workstation machine and Log on to your domain user account
How to set credential In Local Machine
In this method, you will see Credential Manager where you will add domain controller account in Windows Credential.
Open control panel and click Credential manager

12Click Windows Credentials and click Add a windows Credential
13Enter the User credential and click OK
14Restart Windows workstation machine and Log on to your domain user account
In this method, you will see If password has expired, computer changes it automatically when login on the domain. Therefore, even if you did not Power on your computer for a few months, trust relationship between computer and domain still be remaining and the password will be changed at first registration in the domain.
Most of the ways to restore trust relationship is:
1.Reset local workstation password
2.Move computer from Domain to work group153. Restart
4. Reset Computer account in the domain using ADUC console
5. Re-join computer to the domain166. Restart again

Author Bio

Vetrivel Madeswaran

Leave a Reply

Your email address will not be published. Required fields are marked *