"It's not what you can do, it's what you can get done."

Monday, September 30, 2013

"the trust relationship between this workstation and the primary domain failed" better fixes

From http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx

This problem can be caused by various circumstances, but I most commonly run into it when I reset a virtual machine to a system snapshot that I made months or even years before.  When the machine is reset, it is missing all of the automatic password changes that it executed against the domain controller during the intervening months.  The password changes are required to maintain the security integrity of the domain.

The trick is to reset the computer account password, using either netdom.exe or PowerShell.

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

Reset-ComputerMachinePassword [-Credential <PSCredential>] [-Server <String>]

Even better (for VMs), avoid the problem altogether by keeping the machine password static (when appropriate for security, of course).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Modify the DisablePasswordChange entry from 0 to 1.
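
The check-then-reset sequence above, as an added example that is not from the original post or the linked article: it tests the secure channel, resets the machine account password only if the test fails, re-tests, and reports whether DisablePasswordChange has made the password static. The function names and the server and account names in the usage comment are hypothetical; it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example. Run in an elevated Windows PowerShell session on the affected
# machine, logged on with a local administrator account (domain logon is broken).

function Get-MachinePasswordPolicy {
    # Reads DisablePasswordChange from the Netlogon key; a missing value means 0.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $item  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $prop  = if ($item) { $item.PSObject.Properties['DisablePasswordChange'] }
    $value = if ($prop) { [int]$prop.Value } else { 0 }
    [pscustomobject]@{
        DisablePasswordChange = $value
        PasswordIsStatic      = ($value -eq 1)
    }
}

function Test-Channel([string]$Server) {
    # Treat an error from the cmdlet the same as a failed test.
    try { [bool](Test-ComputerSecureChannel -Server $Server -ErrorAction Stop) }
    catch { $false }
}

function Repair-MachineTrust {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][pscredential]$Credential
    )
    $before = Test-Channel $Server
    $reset  = $false
    if (-not $before -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Reset machine account password')) {
        # Same operation as the Reset-ComputerMachinePassword line in the post.
        Reset-ComputerMachinePassword -Server $Server -Credential $Credential -ErrorAction Stop
        $reset = $true
    }
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        HealthyBefore    = $before
        PasswordReset    = $reset
        HealthyAfter     = Test-Channel $Server
        PasswordIsStatic = (Get-MachinePasswordPolicy).PasswordIsStatic
    }
}

# Usage (constructed placeholder names):
# Repair-MachineTrust -Server 'dc01.example.test' -Credential (Get-Credential 'EXAMPLE\admin')
```

Run it with -WhatIf first to see whether a reset would be attempted without changing anything. The PasswordIsStatic field makes it easy to inventory machines where password rotation has been turned off.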