August 27, 2015

Fix: The trust relationship between this workstation and the primary domain failed



C1: xóa computer account
C2: disjoin domain

cach đó la dễ nhất rồi, bên này cung co 1 so máy hay bị. thấy da số toan disjoin roi join kể cả HP cũng thế, nó tạo cái tool tự disjoin và join lại

Lỗi nầy thuờng là do trùng computer name. Or DNS ko work. Bạn check lại 2 vấn đề trên xem

hoặc tham khảo bài viết dưới:

This guide is using the PowerShell or NETDOM tool and does not require rejoining the domain
Error1x
Have you seen this? ‘The trust relationship between this workstation and the primary domain failed’
Or this? ‘The security database on the server does not have a computer account for this workstation trust relationship.’ Same issue, different symptom.
Error11
I have on multiple occasions beeing a heavy Hyper-V user for my labs…
There are apparently a number of reasons why this happens, but the main reason seems to be lost connection between the ‘client/server’ and the Domain controllers. If the scheduled password change occurs while the server or client is unavailable or has been shut down, then the passwords stored in the server/client and the domain controllers for the computer account mismatch, and you will end up getting this error when trying to logon to the server. It can also appear differently, like if all service accounts stop functioning with events logged as a result, or similar that happens when the server is still running and you have been able to logon or simply never logged off.
The real question…How do we fix it? There are a number of TechNet forum threads on this(added one below as references) and many blog posts allready written, but since I’m always having difficulty finding them myself when I need them, I’ll make my own. Please feel free to borrow this knowledge and reblog/repost it yourself :-) (The guide however, is my own creation…)
The easiest or at least the quickest solution, is to have the server leave the doamin by adding it to a workgroup, then joining it back to the domain again. But, this can sometimes be a bit risky, you may have lots of service account running as domain users and so on, you don’t feel like uncoupling the server from the domain at all, then do this instead.
This guide is taking for granted that you prior to following these steps, have restored network connectivity between the server/client and the domain controllers, else this will fail. Resetting the computer password can not be done offline.
The following steps are performed on a Windows Server 2008 R2 machine, but the same steps apply to Windows Server 2012
Ok, I’ll do as I’m used to and describe what to do in a step by step guide, like this:
You log on to your server like you are used to, using your personal domain account:
Error0
You type the password and hit enter, then, BAM! This, instead of the normal logon procedure…what a start on a monday morning…
Error1x
No good…if you don’t like to meddle with server affairs and are the kind of person who likes to stick to your apps once logged into the server, copy the link to this blogpost and send it to someone who can fix it…else, keep reading.
Press OK and then Switch user.
Error2x
Then use the local server administrator account to logon to the server.
Error3
In my case it is one of my SQL boxes, so I type the Servername, Backslash, Local Admin and hit Enter.
The Username can just as well be in the form: ‘.\administrator’, with the single dot replacing the servername
PowerShell Method
New Method, steps performed on Windows Server 2012 but are valid on Win7, Win8x, WS2008 and WS2012R2
Once logged in, you will want to start a PowerShell prompt or PowerShell ISE with administrative privilieges, ‘as administrator’.
PSMethod1x
Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a PowerShell CMDlet called Reset-ComputerMachinePassword. Type in the following command:
Reset-ComputerMachinePassword -Server <Name of any domain controller> -Credential <domain admin account>
In my environment it looks like this:
PSMethod2
Hit Enter, you will then be prompted for the Domain Administrator accounts password
PSMethod3
Type in the password and hit OK. It will take between 2 to 10 seconds to complete Yoy will then, if everything works, see this:
PSMethod4
Yup, nothing overwelming like ‘Succeeded’ or OK…just the released prompt. It is a success though :-)
Now, we have to do one more thing before order is restored completely, we have to reboot the server. If you don’t, you will still not be able to logon using the domain account.
Use PowerShell…
Reboot
Or the GUI if you prefer
PSMethod5x
After the server has rebooted, you are good to go, logon using your regular personal domain account.
Error0
Done!
NETDOM Method
Old method, performed on Windows Server 2008R2, but are valid also on WS2012 and WS2012R2, not however on Win7 or Win8X
Once logged in, you will want to start a PowerShell prompt or a Command prompt with administrative privilieges, ‘as administrator’.
Error4x
Next, we solve the problem by resetting the Computer password in Active Directory and on the Local machine, for this we use a commande calledNETDOM.
Type in the following command:
NETDOM RESETPWD /Server:<name of any domain controller> /UserD:<domain admin account> /PasswordD:<password>
(Yes, the trailing D’s are supposed to be there, don’t ask me why…)
In my prompt it looks a bit like this:
Error5x
Important! Unlike in this Picture, the domain administrators password will be visible in cleartext, so be careful and close the prompt after you are done!
If you change the password part to be /PasswordD:* It will prompt you to enter your password, and it will not be shown in the CMD box.
(Thanks to Jason Hanson for the tip, and Gerrard Singleton)
Hit Enter and if everything works, you should see this:
Error6xy
Now, we have to do one more thing before order is restored completely, we have to reboot the server. If you don’t, you will still not be able to logon using the domain account.
Error7x
After the server has rebooted, you are good to go, logon using your regular personal domain account.
Error0

Done!

http://blog.blksthl.com/2013/03/18/fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/

1 comment:

  1. I want to thank Dr.Agbazara for his job in my family, this is man who left me and the kids for another woman without any good reasons, i was pain and confuse,till one day when i was browsing through the internet with my computer then i saw Dr.Agbazara contact, then i contaced him and he help me cast a reunion spell, since I then the situation has changed, everything is moving well, my husband who left me is now back to his family. reach DR.AGBAZARA TEMPLE via email if you have any relationship problem at:

    ( agbazara@gmail.com )
    OR whatsapp or call him on +2348104102662

    ReplyDelete