Summary
Restoring a server that has not connected to your domain for some time fails with the error "The trust relationship between this workstation and the primary domain failed."

Symptoms
After restoring a server that has not connected to your domain for some time, the server may be unable to establish its connection to the domain. When you try to log on with a domain user account, you receive this error message:

"The trust relationship between this workstation and the primary domain failed."

This happens because every computer account in Active Directory has its own password, which the member server changes on a regular schedule (every 30 days by default). If the copy of the computer account password stored on the member server (for example, one restored from an older backup) no longer matches the copy stored on the domain controller, the trust relationship is broken.
Resolution
Use the Windows tool netdom.exe to reset the machine account password.

  1. Log on to the server with the local Administrator account.
  2. Open the Windows command prompt.
  3. Type the following (the parameter values are separated from the switch by a colon):

netdom resetpwd /Server:DomainController_Hostname /UserD:domain\admin /PasswordD:admin_password

where:

  • /Server is the name of the domain controller to use for setting the machine account password. This is the server where the KDC is running.
  • /UserD is the user account that makes the connection to the domain controller specified in the /Server parameter. It must be in domain\User format. If this parameter is omitted, the current user account is used.
  • /PasswordD specifies the password of the user account given in /UserD. Use /PasswordD:* to be prompted for the password instead of typing it on the command line, where it would remain in the command history.

Once this command completes, log off the local Administrator account and log on again with a domain user account.
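The same repair in PowerShell, as an added example that is not part of the original article: it confirms the broken secure channel first, then resets the machine account password with Reset-ComputerMachinePassword (the PowerShell equivalent of netdom resetpwd, which the article itself does not mention) and verifies the result. The domain controller name and admin account are placeholders; run it from an elevated PowerShell session while logged on as the local Administrator.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Placeholders below must be
# replaced with your own domain controller and domain admin account.
param(
    [string]$DomainController = 'DC01.example.local',   # placeholder
    [string]$AdminUser        = 'EXAMPLE\admin'          # placeholder
)

# 1. Confirm the symptom: a broken secure channel returns $false.
#    -Verbose prints the reason reported by the Netlogon service.
$before = Test-ComputerSecureChannel -Server $DomainController -Verbose
Write-Host "Secure channel OK before reset: $before"
if ($before) { Write-Host 'Nothing to repair.'; return }

# 2. Prompt for the domain admin password instead of placing it on the
#    command line, where it would be visible in history and process listings.
$cred = Get-Credential -UserName $AdminUser `
    -Message 'Domain account permitted to reset the computer account password'

# 3. Reset the machine account password against the chosen DC
#    (same effect as "netdom resetpwd /Server:... /UserD:... /PasswordD:*").
Reset-ComputerMachinePassword -Server $DomainController -Credential $cred

# 4. Verify before logging off the local account; $true here means domain
#    logons should succeed again.
$after = Test-ComputerSecureChannel -Server $DomainController
Write-Host "Secure channel OK after reset: $after"
```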