Sunday 11 May 2014

Broken trust relationship between Windows 7 and domain


ISSUE

When logging into a domain account in Windows 7, you receive the following error: "The trust relationship between this workstation and the primary domain failed."

This happens when the machine you are trying to access can no longer communicate securely with the AD domain to which it is joined. The machine's private secret (its computer account password) no longer matches the value stored on the domain controller, so when you try to log in with a domain account, the Kerberos ticket you receive from the AD cannot be verified against the private secret held on the local machine.

RESOLUTION

1. Log onto the machine using a local administrator login (non-domain).
2. Remove the computer from the domain by placing it back into a local WORKGROUP.
3. Rename the computer to something else. If it is named COMPUTERNAME01, rename it to COMPUTERNAME02. This prevents the domain from reusing the same stored computer object in AD, the one that lost the secure connection and key.
4. Reboot, and place the machine back onto the domain using administrative credentials. Reboot again, and you will now be able to log in as a domain user.
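The same resolution as a two-stage PowerShell script, added here as an example and not part of the original post. It assumes Windows PowerShell 3.0 or later (WMF 3.0 on Windows 7), an elevated session under a local administrator, and placeholder domain and computer names; Test-ComputerSecureChannel is used as a pre-check to confirm that the machine secret really is out of sync before anything is changed.

```powershell
<#
 Added example (not from the original post): the RESOLUTION steps as a script.
 Two stages are needed because a reboot sits between leaving and rejoining.
 Assumes Windows PowerShell 3.0+ (Rename-Computer and the -WorkgroupName /
 -UnjoinDomainCredential parameters are 3.0 features), an elevated console,
 and a local (non-domain) administrator logon. Names below are placeholders.
#>
param(
    [Parameter(Mandatory)][ValidateSet('Leave','Rejoin')][string]$Stage,
    [string]$Domain  = 'corp.example.com',   # placeholder domain
    [string]$NewName = 'COMPUTERNAME02'      # placeholder new name, per step 3
)

# Domain account that is allowed to join computers to the domain.
$DomainCred = Get-Credential -Message "Account permitted to join computers to $Domain"

switch ($Stage) {
    'Leave' {
        # Pre-check: $false means the local secret no longer matches the copy
        # on the domain controller, i.e. the error described under ISSUE.
        if (Test-ComputerSecureChannel -Verbose) {
            Write-Host "Secure channel to $Domain is healthy; nothing to do."
            return
        }
        # Step 2: leave the domain and drop back into a workgroup.
        Remove-Computer -UnjoinDomainCredential $DomainCred -WorkgroupName 'WORKGROUP' -Force
        # Step 3: rename so the stale computer object in AD is not reused.
        Rename-Computer -NewName $NewName -Force
        # Step 4a: reboot, then run this script again with -Stage Rejoin.
        Restart-Computer -Force
    }
    'Rejoin' {
        # Step 4b: join under the new name and reboot; domain logons work afterwards.
        Add-Computer -DomainName $Domain -Credential $DomainCred -Restart -Force
    }
}
```

Run it once with `-Stage Leave`, log back on as the local administrator after the reboot, then run it again with `-Stage Rejoin`.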
