The trust relationship between this workstation and the primary domain failed (XP and Win 2008 R2)
I have a situation where the 'engineering' workgroup XP workstation cannot access the share folder on a Win 2008 R2 server (server1) on a domain. Below are configurations. DOMAIN A The domain 'corp.local' has a subnet address 192.168.0.x. The domain "corp.local" has the following configuration. 1) Win 2003 is utilize a domain server. 2) XP workstations in the domain can see the share on the 'server1' - Win 2008 WORKGROUP B The workgroup is 'engineering' with Ip subnet of 192.168.215.x. 1) The XP workstations can see their own network resources and shares. 2) XP Workstations can see the share folders on the Domain server (win2003) on Domain A. It can also be mapped. Problem: THE XP WORKSTATIONS however, CANNOT SEE THE SHARE FOLDER on the Win 2008 file server on Domain A. The error is: "The trust relationship between this workstation and the primary domain failed." I have done the following: 1) I can ping the 'server1' (win 2008) successfully. 2) I have added the Domain Server on Domain A. 3) Turned off firewall on 'server1' on the win 2008. 4) I can RDP to the server with no problem. I'm new to Win 2008 and networking. I wonder if anyone can help. thanks hugh
July 20th, 2010 10:44am

Only domain users have access to domain resources. They must have valid credentials on the domain. That means that they must have a valid username and password on the domain (or on another domain which is trusted by this domain). You cannot set up a trust with a workgroup because there is no central database of accounts which the domain can check. You will need to set up accounts in the domain for the workgroup users who need to use domain resources. They will then need to map the drives using a "net use" command where they can enter a username and password. Type "net use /?" at a command prompt to see the options available. Bill
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2010 8:06pm

Hi hugh2010 , Thanks for posting here. After reading your post I understand that when you attempted to acess a member server of your domain you had encountered system error prompt ”The trust relationship between this workstation and the primary domain failed”, but access other domain resoure with no problem. If I misunderstand please let me know. Please check if it correctly access this 2008 server from other domain computer ,like from 2003 domain controller? If you still encounter this system prompt , then I think this 2008 server's machine account has the incorrect role or its password has become mismatched with that of the domain database. You may like to rejoin domain to resolve this issue. There are two methods to rejoin the domain: You can join the domain from the client if at the same time you can provide an administrator username and password on the domain. -or- You can delete the existing computer account in Server Manager, recreate the computer account, synchronize the domain, and then on the client rejoin the domain. Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 21st, 2010 1:47am

Bill - Thanks. However, I'm able to connect from the workgroup XP to the Domain Server and it's shared folder. I have an assigned user to this individual. Tiger Li - Thanks. That resolved my issue. 1) I removed the server in the Active Directory computer list 2) Login into the server using the local admin acct 3) Add the server back in the ADS 4) Rejoin the domain and now it works. Again thanks for the help
Free Windows Admin Tool Kit Click here and download it now
July 21st, 2010 11:00am

Hi hugh201, Glad you were able to solved this issue. Hope you will enjoy our technet forum. Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 21st, 2010 9:22pm

Hello Tiger Li, I faced same issue for all sites. Is this related to any specific port which need to be opened on firewall? there are few remote sites having this issue when I tried to access remotely from HQ. Remote Site Setup: 1. Win 2008 servers. 2. All servers joined to HQ domain. 3. One RODC in each remote site. HQ Site Setup: 2. Two Win 2008 RWDC servers. Appreciate for your prompt feedback.Nik
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2011 10:05pm

Nik, I often see the same issue on my network but have not been able to isolate the cause. We also have different subnets, one for servers and one for workstations. Security dept says its best but I don't agree. since workstation cannot see the servers between subnets the workstations loose their identity or have a tough time trying to validate their account and once in a while the users need to use their fully qualified domain name to logon to their workstation because the error that pops up says this workstation is not on the domain. Our work around was to use the fully qualified domain name which I think is a help desk nightmare getting woken up by users to tell them this time and time again. I have been trying to read up on this and identify why win7, xp, and win2003/2008 servers have this problem or how to identify the problem with the use of wireshark software to see if packets are not able to make it tot he servers to authenticate. If there are write-ups that someone can put us to this would be helpful so that I can point the finger at our security group and say "See!! its your fault!!" not the server. We have cisco switches so I am guessing we have our switch team blocking certain ports between Subnets. Any help would be helpful. WorkerBee09
May 3rd, 2011 9:54am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics