Fixing the trust relationship between this workstation and the primary domain failed

Some time ago my ForeFront TMG server crashed and, not being an expert sysadmin, I wasn't able to figure out what was wrong. The only thing I could think of was restoring the server from an earlier snapshot. Thanks to the Hyper-V interface this is really easy; even a software developer can do this.

After restoring the server to an earlier state I connected to it and was greeted with a message telling me "The trust relationship between this workstation and the primary domain failed". I figured this probably had something to do with restoring a snapshot from quite a while back. Some research on the issue confirmed my suspicions.

Apparently this happens when your machine can no longer communicate securely with Active Directory, that is, when the secure channel between the computer account and a domain controller cannot be established. This can happen for a number of reasons, but the usual one is that the computer account password stored on the machine no longer matches the one stored in Active Directory: Windows rotates this password automatically (every 30 days by default), and a snapshot taken before such a rotation still carries the old one. The reason my machine could no longer communicate probably had something to do with a password change that the old snapshot wasn't aware of.

Microsoft has an article dedicated to this issue. They tell you to remove the machine from the domain and rejoin it. This seems a bit drastic and I don't really want to do such things to my ForeFront server. Without it I don't have internet!

Lucky for me, this is exactly what the people at Implbits thought. In the earlier linked article they describe a better solution, which is using netdom.exe. By running the command below on the affected machine (logged on with a local administrator account or cached domain credentials, since a fresh domain logon fails while the trust is broken), you can reset the computer account password on both the machine and the domain controller:

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
<server> = a domain controller in the joined domain
<user> = an account in DOMAIN\User format with rights to reset the computer account password
/pd:* = prompt for that account's password instead of putting it on the command line (keeps it out of the shell history)
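For those who prefer PowerShell, the same repair can be done with the built-in Test-ComputerSecureChannel and Reset-ComputerMachinePassword cmdlets, which check and reset the very same secure channel that netdom resetpwd fixes. The script below is an added example written for this page, not code from the original post or from Implbits; the domain controller name, domain name and admin account in it are placeholders you need to replace with your own.

```powershell
# Added example (not from the original post): repair the secure channel with
# the built-in PowerShell cmdlets instead of netdom.exe. Run this in an
# elevated PowerShell session on the affected machine, logged on with a
# LOCAL administrator account (a domain logon fails while the trust is broken).
# The three values below are placeholders (assumptions), not real hosts.

$DomainController = 'dc01.example.local'    # any writable DC in the joined domain
$DomainName       = 'example.local'         # DNS name of the joined domain
$AdminAccount     = 'EXAMPLE\Administrator' # account allowed to reset computer passwords

# Prompt for the password rather than embedding it, the same idea as /pd:* in netdom.
$Credential = Get-Credential $AdminAccount

# 1. Confirm the diagnosis: a broken trust shows up as an unhealthy secure channel.
$before = Test-ComputerSecureChannel -Server $DomainController -Verbose
Write-Host "Secure channel healthy before repair: $before"

if (-not $before) {
    # 2. Reset the computer account password on both sides, which is what
    #    'netdom resetpwd' does: a new password is written to the local LSA
    #    secret and to the computer object on the domain controller.
    Reset-ComputerMachinePassword -Server $DomainController -Credential $Credential

    # 3. Verify the repair. If the reset alone were not enough,
    #    Test-ComputerSecureChannel -Repair would re-establish the channel.
    $after = Test-ComputerSecureChannel -Server $DomainController -Credential $Credential -Verbose
    Write-Host "Secure channel healthy after repair: $after"

    # Independent second opinion from the Netlogon side (nltest.exe is part of
    # Windows Server; on client editions it may need the RSAT tools).
    if (Get-Command nltest.exe -ErrorAction SilentlyContinue) {
        nltest /sc_verify:$DomainName
    }
}
```

Test-ComputerSecureChannel returns $true or $false, so the script only touches the account when the channel is actually broken; running the reset on a healthy machine is harmless but pointless. Both cmdlets ship with Windows PowerShell on Windows 7 / Server 2008 R2 and later, so nothing extra needs to be installed on the member server.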

After resetting the password the machine behaves normally again. If you roll back snapshots regularly, keep in mind that the domain controller's copy of the computer password keeps rotating while the copy in the snapshot stands still, so the older the snapshot, the more likely this is to bite. If you are interested in some more background information, check out the blog post at Implbits. They've done some more research on the subject.
