Fixed: Trust relationship in AD
Have you seen this? ‘The trust relationship between this workstation and the primary domain failed’
Or this? ‘The security database on the server does not have a computer account for this workstation trust relationship.’ Same issue, different symptom.
There are a number of reasons why this happens, but the main reason seems to be a lost connection between the ‘client/server’ and the domain controllers. If the scheduled password change occurs while the server or client is unavailable or has been shut down, the computer account passwords stored on the server/client and on the domain controllers no longer match, and you will get this error when trying to log on to the server. It can also appear differently: for example, all service accounts stop functioning, with events logged as a result, which can happen when the server is still running and you have been able to log on or simply never logged off.
How do we fix it?
I will take for granted that, before following the steps below, you have restored network connectivity between the server/client and the domain controllers; otherwise this will fail. Resetting the computer password cannot be done offline.
The following steps work on Windows 2008(R2), Windows 2012(R2), Windows 7, and Windows 8.
Press OK and then Switch user.
Then use the local server administrator account to log on to the server.
Type the server name, a backslash, and the local admin account name, then hit Enter.
The username can just as well be in the form ‘.\administrator’, with the single dot replacing the server name.
PowerShell Method
Once logged in, start a PowerShell prompt or PowerShell ISE with administrative privileges (‘as administrator’).
Next, we solve the problem by resetting the computer password in Active Directory and on the local machine. For this we use a PowerShell cmdlet called Reset-ComputerMachinePassword. Type in the following command:
Reset-ComputerMachinePassword -Server <DomainController> -Credential <Domain\AdminAccount>
In my environment it looks like this:
Hit Enter. You will then be prompted for the domain administrator account's password.
Type in the password and hit OK. It will take between 2 and 10 seconds to complete. If everything works, you will see this:
We have to do one more thing before everything is completely back to normal: reboot the server. If you don’t, you will still not be able to log on using the domain account.
Use PowerShell…
Or the GUI if you prefer
After the server has rebooted, you are good to go. Log on using your regular personal domain account.
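The whole procedure as one script, added here as an example and not part of the original post: it checks for elevation and domain controller reachability, tests the secure channel, and only then runs the reset. The `-DomainController` and `-Restart` parameter names and the example host name are assumptions of this example; it needs Windows PowerShell 3.0 or later.

```powershell
# Added example, not from the original post. Run it in an elevated Windows
# PowerShell session while logged on with the LOCAL administrator account.
param(
    # Hypothetical value, e.g. dc01.example.local
    [Parameter(Mandatory = $true)] [string] $DomainController,
    # Reboot automatically when the reset succeeds
    [switch] $Restart
)
$ErrorActionPreference = 'Stop'

# Refuse to run unelevated: the reset needs local administrative rights.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$me = New-Object Security.Principal.WindowsPrincipal -ArgumentList $id
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell "as administrator" and run this again.'
}

# The reset cannot be done offline, so confirm the DC answers on LDAP (TCP 389).
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($DomainController, 389) }
catch   { throw "Cannot reach $DomainController on TCP 389; restore connectivity first." }
finally { $tcp.Close() }

# Only reset when the secure channel is actually broken.
$healthy = $false
try   { $healthy = Test-ComputerSecureChannel -Server $DomainController }
catch { Write-Warning "Secure channel test failed: $($_.Exception.Message)" }
if ($healthy) {
    Write-Output 'Secure channel is healthy; no reset needed.'
    return
}

# Prompt for a domain account allowed to reset this computer account's password.
$cred = Get-Credential -Message 'Domain account with rights to reset this computer account'
Reset-ComputerMachinePassword -Server $DomainController -Credential $cred

Write-Output 'Machine password reset. Reboot before logging on with a domain account.'
if ($Restart) { Restart-Computer -Force }
```

Prompting with Get-Credential keeps the domain administrator password out of the command line and out of the PowerShell history.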
Thanks for reading my post.