Active Directory issues and fixes

Trust relationship issue

When your computer and the domain controller stop seeing eye to eye, it might be due to a password mismatch, or because they are no longer in a committed relationship. But don't worry, we have the perfect reconciliation plan!

  • Trust relationship meltdown
  • "No account? No access!"
  • DNS drama and trust breakdowns

1. Trust relationship meltdown

Error message: The trust relationship between this workstation and the primary domain controller failed.

Issue

The computer's secure channel with the domain controller has broken, often due to mismatched passwords.

Fix 1:

Try to repair the trust relationship first

How to do it

  1. Open PowerShell as an Administrator and run this command:

    Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

Fix 2:

If that fails, rejoin the domain

How to do it

  • Open System Properties (Sysdm.cpl)
  • Click Change, select Workgroup, and apply the changes
  • Restart the computer and rejoin the domain:
    1. Select the domain
    2. Enter the name and provide the right credentials

Fix 3:

Check whether the computer account exists in AD

How to do it

  • Open Active Directory Users and Computers (ADUC)
  • Navigate to Computers and ensure the machine account exists
  • If missing, create a new one or reset the existing account.

2. "No account? No access!"

Error message: The security database on the server does not have a computer account for this workstation trust relationship.

Issue

The domain controller doesn't recognize the workstation because its account is missing or corrupted.

Fix 1:

Open ADUC and verify the computer account exists

How to do it

  • If it's missing, manually create a new one and rejoin the domain
  • Run the following command to force an account reset:

    Reset-ComputerMachinePassword -Server <DomainController> -Credential (Get-Credential)

3. DNS drama and trust breakdowns

Error message: The trust relationship between this workstation and the primary domain controller cannot be established.

Issue

This is usually due to incorrect DNS settings.

Fix:

How to do it

  • Open PowerShell as an Administrator (Test-NetConnection is a PowerShell cmdlet and does not run in Command Prompt) and type the following:

    Test-NetConnection -ComputerName <DomainController> -Port 389

  • Verify DNS settings using: ipconfig /all
  • Make sure it’s pointing to the correct DC IP.
  • Restart the Netlogon service to refresh trust:

    net stop Netlogon
    net start Netlogon
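
Before changing anything, it helps to know which of the three problems above you actually have. The following is an added example, not part of the original guide: a read-only triage function that runs the checks from all three sections in dependency order (DNS and LDAP reachability first, then the secure channel) and reports which fix applies. It assumes Windows PowerShell 5.1 in an elevated session; the function name Get-TrustTriage is hypothetical and dc01.corp.example is a placeholder for your domain controller.

```powershell
# Added example: read-only triage for the three errors covered above.
# Assumes Windows PowerShell 5.1, elevated. Nothing here repairs or resets anything.
# Get-TrustTriage is a hypothetical name; 'dc01.corp.example' is a placeholder.
function Get-TrustTriage {
    param(
        [Parameter(Mandatory)] [string] $DomainController
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        return [pscustomobject]@{ NextStep = 'Machine is in a workgroup: rejoin the domain (section 1, Fix 2).' }
    }

    # Section 3: can the client locate and reach a DC? A repair cannot succeed otherwise.
    $srv  = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($cs.Domain)" -Type SRV -ErrorAction SilentlyContinue
    $ldap = Test-NetConnection -ComputerName $DomainController -Port 389 -WarningAction SilentlyContinue
    $dns  = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique

    # Section 1: is the secure channel intact? Without -Repair this only tests.
    $channelOk    = $false
    $channelError = $null
    try {
        $channelOk = Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop
    } catch {
        $channelError = $_.Exception.Message
    }

    $next = if (-not $srv -or -not $ldap.TcpTestSucceeded) {
        'Fix DNS/connectivity first (section 3): client DNS must point at the DC.'
    } elseif (-not $channelOk) {
        'Run Test-ComputerSecureChannel -Repair; if that fails, check the account in ADUC (sections 1 and 2).'
    } else {
        'Secure channel is healthy; no action needed.'
    }

    [pscustomobject]@{
        Domain           = $cs.Domain
        ClientDnsServers = $dns -join ', '
        DcSrvRecords     = @($srv | Where-Object Type -eq 'SRV').Count
        Ldap389Reachable = $ldap.TcpTestSucceeded
        SecureChannelOk  = $channelOk
        ChannelError     = $channelError
        NextStep         = $next
    }
}

Get-TrustTriage -DomainController 'dc01.corp.example'
```

Running the DNS and port checks first avoids a repair attempt that can only fail because the machine cannot find a domain controller.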