How to fix the trust relationship between workstations and the Active Directory Domain

Occasionally a workstation, or sometimes even a member server, will give the error “The trust relationship between this workstation and the primary domain failed” when logging on to the computer. There are a few reasons why this error may occur, but in any case, there is a password mismatch between the client computer and its computer account in Active Directory. When this happens, you’re not able to log on to the computer with a domain user account.

There are two ways to resolve this issue, but the easy way is not always the best. The first reaction may be to simply rejoin the computer to the domain – but this can have serious consequences, especially if this is a server. By doing this you may lose all configuration information for this computer that is stored within Active Directory, as well as leave behind orphaned references to the computer account all across Active Directory.

The best method to resolve the trust relationship error is to reset the computer account in Active Directory – just like you would for a user account password. There are two ways to accomplish this – 1) Through the Active Directory Users and Computers console, or 2) With PowerShell 3.0 or newer on the affected computer (logged on as a local administrator).

To reset the computer account through the Active Directory Users and Computers (ADUC) console, open the console and locate the computer account. Right-click the computer account and select Reset Account.

[Screenshot: ADUC console, Reset Account on the computer object]

To reset the computer account via PowerShell 3.0 or newer, you will need to log on to the affected computer as a local administrator. Then open PowerShell with elevated privileges and run the following command, replacing the bracketed values with a domain account that is allowed to reset the computer object and the name of a domain controller:

Reset-ComputerMachinePassword -Credential [AD-Domain\username] -Server [DomainControllerName]

You will be prompted for the domain user’s password.

The last step is to reboot the computer and log on with your domain credentials.
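The PowerShell procedure above, as an added example that is not part of the original post: it first confirms the secure channel is really broken with Test-ComputerSecureChannel, resets the machine account password only if it is, and then re-checks. The domain name CONTOSO and the domain controller name DC01 are placeholders, not values from the post.

```powershell
# Added example (not from the original post): verify the secure channel before
# resetting the machine account password, then confirm the repair.
# Run in an elevated PowerShell session while logged on as a local administrator.
# Placeholders (assumptions, replace with your own values):
$domain = 'CONTOSO'   # NetBIOS name of the AD domain
$dc     = 'DC01'      # a domain controller for that domain

# Prompt for a domain account permitted to reset the computer object's password.
$cred = Get-Credential -Message "Enter $domain credentials allowed to reset this computer account"

# Test-ComputerSecureChannel returns $true when the secure channel to the domain is healthy.
if (Test-ComputerSecureChannel -Server $dc -Credential $cred) {
    Write-Host "Secure channel to $domain is intact; no reset needed."
}
else {
    Write-Host "Secure channel to $domain is broken; resetting the machine account password..."

    # Resets the password both locally and on the named DC, without rejoining the
    # domain, so the computer object, its group memberships and ACL references survive.
    Reset-ComputerMachinePassword -Server $dc -Credential $cred

    # Re-check against the same DC; a successful reset should now report $true.
    if (Test-ComputerSecureChannel -Server $dc -Credential $cred) {
        Write-Host "Secure channel repaired. Reboot and log on with domain credentials."
    }
    else {
        Write-Warning "Reset did not restore the secure channel; confirm the computer account still exists in AD and that $dc is reachable."
    }
}
```

Querying the specified domain controller directly avoids a misleading result when the reset has not yet replicated to the DC the workstation would otherwise pick. The reset only succeeds if the computer object still exists in Active Directory; if it has been deleted, rejoining the domain is the only remaining option.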
