Microsoft’s Active Directory services manages all users, controllers and other resources on the Windows server domain. It uses username, passwords and Secure Shell keys to identify the directory objects.

You will encounter the “Trust relationship between this workstation and the primary domain failed” error if the private secret key on the PC is different from that of the primary AD server. This results in the user not being able to access the Windows Server Domain.

It usually happens because of duplicate computers or Domain Controller objects. However, it can also occur because of many other reasons.

maximum-tolerance-clock-synchronization

In this article, we explain all the possible reasons and how you may troubleshoot them.

Causes for Trust Relationship between This Workstation and the Primary Domain Failed

Here are the potential causes for the “trust relationship between this workstation and the primary domain failed” issue:

Fixes for Trust Relationship between This Workstation and the Primary Domain Failed

There are many possible solutions you may perform from the local computer. But for others, you need to utilize the Domain Controller (DC) or a PC with RSAT tools.

Change-Domain-Name

If you don’t have access to the DC, contact the system administrator to ask them to perform the relevant troubleshooting methods.

Also, keep in mind that you need tolog in to your local administrator (not domain user) accountbefore performing the solutions from the workstations.

The first thing you should do isset correct date and time.If there’s more than 5 minutes of difference between the Domain Controller and the workstations, the users can’t authenticate to the DC services.

join-workgroup

To resolve this issue, you need to sync the times properly. Automatically syncing the time with the internet on the DC as well as your local machine should be enough in most cases.

If there’s still some discrepancy, you need to adjust a Group Policy Object (GPO) on the Domain Controller. The process is as follows:

One possible quick fix is to modify the domain name from FQDN to NETBIOS name. This refreshes your workstation on the domain without having to disconnect and reconnect it. However, it doesn’t work for public domains and only works within a NETBIOS Active Directory.

scope-properties

Changing the domain name from NETBIOS name to FQDN is also a good solution if you are connected to a public domain and there are many servers with the same domain name. Adding the suffix helps you connect to the exact domain you want.

add-windows-credential

test-computer-secure-channel

machine-password-age-provisioning

reset-password