There are typically three reasons a computer may show the error message "The trust relationship between this workstation and the primary domain failed."
- The computer does not have a network connection to the domain at first login. (The first time an employee logs into a computer the machine must have a connection to the domain, either through a hardwire in the office or over the VPN if on wifi working remotely. This often effects loaner laptops when an employee takes a loaner laptop out of the office but does not login to it for the first time before taking it out of the office.)
- The computer has been removed from active directory. (This happens often with older computers that have been in a closet or offline for several months. We will regularly scrub active directory for old machines that have not been online in several months. We will delete these computers out of the system and months later a user will try to plug in the computer and login and will be denied. We will then have to login to the computer and re-add the device to the domain.
- The computer is part of active directory but is still not trusted, (This does not happen often but every now and then a computer is listed in active directory but for some reason the computer is still not being provided domain rights. As long as you can access the system, you can login with the local workstation account, run powershell as an admin, and enter the following commands:
$credential = Get-Credential
Reset-ComputerMachinePassword - Server DomainControllerName -Credential $credential