The trust relationship between this workstation and the primary domain failed.
Hi guys, I've been running Vista Enterprise for about 3 months in a Windows 2003 Native mode domain. Randomly, my Vista machine will be unable to authenticate to the domain. I will not be able to RDP to other machines, my proxy authentication (ISA) will fail, network mappings will not work, etc. If I log out and try to log back in, I get: "The trust relationship between this workstation and the primary domain failed." on my login screen. The only fix is a full reboot. Everything in AD looks OK. I also found an event log entry for NETLOGON, EventID 3210: This computer could not authenticate with(DOMAINCONTROLLER), a Windows domain controller for domain (DOMAIN), and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. I'm going to try deleting my computer account and rejoining the domain. Any other suggestions? Joe K
September 7th, 2007 10:42am

OK deleting the computer account and rejoining the domain didn't help. Most of the people having this problem solved it by rejoining... I'll keep looking.
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2007 9:55am

I hope someone from Microsoft is watching this, maybe for SP1. I am seeing this happen around the Internet, so they should know by now. For my situatuion, I am running Vista Business on a 2003 AD. I receive the error message, "the trust relationship between this workstation and the primary domain failed" usually when I am using RDP or Remote Desktop. I remote from another Vista PC. If I go back to the PC in the office and log in everything is fine. I have removed the office PC from the domain and rejoined. I have even renamed the PC during one remove and rejoin. But I still get the message when connecting remotely. I created a second local account with administrator priveledges, but not I thing something has removed it from the Administrators group as it is no longer working. Probably due to the domain join process. Other complaints related to this message come from users that have used a system restore point, or have tried to use the same computer name on the domain for their Vista and XP PCs. I have not done either of these. The system restore point cause makes sense, but in my opinion should not happen either. Basically Vista is now not usable for me and I was the one "bleeding edge" user in my organization that was willing to try Vista as my primary desktop OS. I work remotely and this issue has removed that capability. I hope to see this fixed with SP1, if not I probably will not be coming back to Vista for a long time.
October 26th, 2007 3:43am

Hi Folks, I am exeperiencing the sam issue described at least twice a day. I have tried all the suggestions on the internet ie re-join domain, change password, remove/add computer name etc etc... Nothing seems to work. I am starting to think that it may be my wireless connection.... I am using netgear WNR854T router with an Atheros AR5008x client...I am wondering if others who have experienced this problem have a similar environment?
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2007 5:58pm

First some basics you most likely already know. 1. Computers are security principals just like users 2. Computers authenticate to the domain on startup 3. Computers change their password every 30 days by default 4. Restore Points restore the computer password present at the time of the restore point 5. If the local password and the domain password are not the same the computer must re-join the domain 6. None of these things seem to be the issue here. IF you have not already, I suggest filing a bug report. Do not expect Microsoft to find these issues here, they must be reported.
December 10th, 2007 6:51pm

Thanks...well aware of the basics. If you read the following http://blogs.technet.com/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspxyou will see why i suspect it may be the wireless network temporarily losing the network connection during the sync process... Quote from link above "If there are problems with system time, DNS configuration or other settings, secure channels password between domain members and DCs may not synchronize with each other. AD replication issue, other electronic problems may cause secure channel broken to member servers. To DCs, the secure may broken due to communication issues."
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2007 11:09pm

Below are some other suggestions from Eventid.net. I know that this is not XP, but interesting that Anti-Virus can potententially cause this. This may occur if "Restrict Anonymous" was set through Group Policy. See KB281733 to fix this problem. This problem can also occur if you are using F-Secure Anti-Virus version 5.3 on Windows XP, because F-Secure Anti-Virus version 5.3 is not compatible with Windows XP. See KB831348 for more details.
December 12th, 2007 1:01pm

Interestingly, this issue only started occuring in my environment when i upgraded my laptop firmware causing me to re-activate Vistawith a new authorisation key. I have noticed two intriguing events prior to every event 3210: 1. Software Licensing Services (SLC - security licensing events 901 902 & 903) stops and restarts 2.Desktop windows manager has exited (event 9009)
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2007 12:42am

I have the same problem since I upgraded my BIOS. I have a Dell Latitude D630 and took the BIOS from revision A02 to A05. After the new BIOS had loaded I rebooted my machine and was able to use it for 30mins or so with multiple Drive mappings, multiple MSTSC's, connections to the internet and Exchange then all of a sudden "bang" a load of error messages saying all my MSTSC connections had closed, I couldn't ping anything and now I'm stuck. I cant roll back the BIOS. I have updated the Intel Chipset & Network Card Drivers and still cant connect. I have removed the computer account from AD and tried to rejoin with the same name - still cant connect. I have renamed the laptop, moved it to a workgroup, rebooted, joined domain again - this time it joined the domain successfully (computer account with new name exists in AD) but I still have no network connectivity (in the Network and Sharing Centre itsays I am connected to an 'Unidentified Network') Is this a SID issue? Can I create a new SID or does renaming the PC create a new SID (or does it simply provide a new name to the existing SID)? Please help I am desperate Dazman98
December 21st, 2007 12:41am

How are you able to join the domain without network connectivity? I think this is not possible. I would suggest uninstalling and re-installing the NIC. Can you ping the DC? can you use NSLOOKUP successfully for local and/or internet names? How is your DNS configured on the client? Is it pointing to a DNS server authoritive for your domain?
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2007 4:31pm

Ok this may be the answer....previously i've been exeperiencing this problem at least twice a day and now it been 20 hours without an issue..... I found this link http://support.microsoft.com/kb/888926/en-usand even though i don't use ISA I went through the Step 1 to cleanup my certificates and what i did find was interesting: 1.) SBS 2003 places the computer certificate into 'Remote Desktops - Certificates' which is not valid under vista 2.) I copied the certificate to 'Trusted Root Certification Authorities - Certificates' and rebooted. 3.) Now been 20 hours without issue....lets hope this is it???
December 29th, 2007 10:23pm

Sorry Folks, this didn't work....back to losing the trust relationship....This is one weird problem.
Free Windows Admin Tool Kit Click here and download it now
December 30th, 2007 5:43pm

Yes I got the same message when I tried to login, I "just get out from domain and rename the PC and rejoin to the domain" now it's working perfectly...
January 2nd, 2008 3:03am

Hey guys the problem has disappeared after I applied the latest Vista and SBS 2003 patches released Thursday 10 Januart 2008.
Free Windows Admin Tool Kit Click here and download it now
January 11th, 2008 4:22pm

Four days without rebooting!!!! Yeah, i think it fixed.
January 13th, 2008 9:57pm

Mike, I've been seeing this same problem between Server 2003 RC2 and several Vista Ultimate/Business workstations. Sounds like you might have found a fix. Do you happen to know the KB #'s for the "Jan 10 2008" fixes you loaded? I can't seem to find them available on either the Vista or 2003 boxes.
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2008 2:54pm

I am running Vista Enterprise w/ Service Pack 1 and Windows Server 2003 SP2 with all the updates...I am still having this issue!!! Any ideas?
January 15th, 2008 5:28pm

These are the fixes i applied: Vista Ultimate: KB943411, KB943899, KB943302, KB941644, KB935509 ( I think 935509 isthe key fixbecause it has something to do with SP1 for Vista) SBS 2003 Standard :KB943485, KB941644 All working wonderfully well. Almost a week without a re-boot yeah!!!
Free Windows Admin Tool Kit Click here and download it now
January 15th, 2008 8:41pm

Well, I unistalled SP1 RC from Vista and Installed KB943485, KB941644 on my servers and I am now able to log in....tis is a really weird issue.I hope this is not just coinscidence....maybe those two updates really fix the problem...I guess we will find out. Thanks for the tip Mike!
January 16th, 2008 11:29am

hey guys, i installed all the service updates and it still hasnt worked. any ideas why this would not take effect???
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2008 7:19am

have you gota link or know which updates you applied? i have tried several updates and have got no where.
February 25th, 2008 7:31am

Guys, This is indeed a strange issue,I have had this start happening once I installed SP1 and after I RDPed to my workstation. Both Machines run Vista x86 SP1. I have done the usual disconnecting from AD and back to AD again, but a short time later I lost the Trust Relationship again. As per everyone else with this issue, any help would be appreciated. Marcus.
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2008 6:12pm

remove the user make sure the date\time is correct adn re-join the network see if that works
June 20th, 2008 9:56am

Here is something that will cause this: Many of us have been accustomed to flushing the Prefetch cache since Windows XP to periodicially improve preformance. In Vista, there is an additional folder in C:\Windows\PreFetch called "ReadyBoot". Do not delete this folder. If you do (and you are in a domain), you will get the above error. This sounds odd, but it happened to me, and it is reproducable.
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2008 11:50am

Hello, I am experiencing the same problem without any good resolution. I have Vista business and SBS 2003. What is different from many other users is that when I recieve the problem (happens immedietly after I've been logging in to the domain with my username on any other computer) is that it doesn't disappear at all. I have to make a systemrestore every time it happens. Now after the summer it has been more than 30 days and a systemrestore doesn't work. I just log into my computer without networkconnection and then connect to the network, not a very good resolution though.. Even if it's my personal useraccount that makes this happen, iteffects all the other accounts like the local administrator and the domain administrator. The readybbot-folder is still there and I'm going to switch computer andrejoin the domain, see what happens.Maybe someone have some use of the information. I'll get back after switching to my old XP computer.
August 6th, 2008 6:01am

Hi everyone. I'm having the same problem in a different flavor.Here's the scenario:My machines have been running Vista Business smoothly -well as smooth as it gets with Vista- and were connected with no server.Yesterday I setup SBS 2003 R2 Premium, created domain, user accounts and added computers. At first I had some problems in connecting the computers using http://domain/ConnectComputer, but eventually it worked on a couple of machines, so I decided to get done with these first before continuing with the rest.Now I can't login to the domain from the first screen. I get the same message -trust relationship. I logon to my station normally. I deleted the users AND the computers, recreated them and tried again, still can't login. It's not that I login then disconnect. I can't login in the first place.I went to my network, I can see the server. Double clicked on it, authenticated normally and accessed the folders. Nevertheless, I still can't login to the domain!!!Reading all the above, I updated to SBS SP2, connected via cable instead of wireless, deleted user accounts and computers then readded them, and restarted both server and client several times. None of this worked.Any advice?
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2008 5:38am

Also getting the same problem, variouslaptops running Vista and XP. Only occurs on those laptops not fixed PC's. Multiple windows 2003 Servers R2. Must be related to the use on /off -line. All updatesapplied. Tried removing accounts, looging off line and rejoining. This fixes problem bou only for a short while. Any suggestions?
August 27th, 2008 3:08am

Folks, Just an update on this nagging issue. After some testing a few weeks back by setting up a Virtual DNS Server and Virtual environment remote from our own Network, it is something to do with the configuration of the corporations DNS which seems to be the culprit. The virtual network worked correctly. Until my organisation officially supports Vista, I and a few others (whom haven't applied SP1) are in limbo and the multi reboot fun. Once I/we have a resolution I will pass on what I know. Marcus.
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2008 12:54am

Did anyone find a fix for this? I'm having the same issue with two Vista Business laptops.
September 18th, 2008 6:20am

Has there been any updates to this? I have a Vista SP1 machine with full patches on a Server 2008/2003 AD domain (no SBS) that is also fully patched.Unfortunately, I left the local admin off by default on the machine, so I can't do anything there to test.If there is a solution tht anyone has, I would LOVE to hear it. Everything I've run across hasn't worked.
Free Windows Admin Tool Kit Click here and download it now
October 29th, 2008 2:53pm

I ran into the same problem this morning. The solution for me was take the PC off the domain and join it back to workgroup. I deleted remaining entries from AD and DNS before joining the computer back to the domain. Seems to be fine now. Theenvironmentin my case isXP SP3 on the clientwith a W2003 Standard PDC.
November 7th, 2008 10:26am

I am a technical instructor who runs two classrooms on a Vista Enterprise network. We also have Microsoft SteadyState installed on all of the classroom workstations. Recently, we have been having this same issue. Once or twice a week, at least some of the computers in the classrooms won't allow login and dispaly the message:"The trust relationship between this workstation and the primary domain failed."Some in my organization have suggested that perhaps Microsoft SteadyState is the culprit, but I have my doubts. Does anyone else who is experiencing this problem have SteadyState on their machines?
Free Windows Admin Tool Kit Click here and download it now
February 20th, 2009 1:13pm

OK, I just solved this problem on a Server 2008 SP2 (AD) and Windows 7 x64 RC (desktop) couple... ...RDP'd to the DC then tried to RDP to the desktop - to no avail, the evil "trust relationship" came up. Local desktop logins worked and someone else confirmed it's still working inside the office... ...so I disjoined the domain, restarted the desktop, deleted its computer acc in AD, whenn it came online again rejoined the domain (you can use the same name, once it's deleted it's gone - it should ask for it during the join, remember), restarted and voila': now all designated domain user logins work via RDP from the DC.:) Maybe I'm just lucky but it did not work at all before.
July 28th, 2009 12:54am

I have also been experiecing the same issue, apart from after a bit of testing found it only happened to one AD user. Removed from the domain Log in as Local Admin Delete the account from C:\Users and the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList Restart machine Rejoin the domain Been working fine ever since.
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2010 12:00pm

Today i encounter the similar issue, when i try to access another computer that is a domian member of our domain tradestead.com, it prompt me the same error, luckily after i followed the steps listed below, http://support.microsoft.com/kb/162797 the problem was gone, tradestead
April 8th, 2010 1:12am

I had to remove myself from the domain. Change the computer name. And then get back into the domain. I also deleted the domain object is active directory users and computers. That solve this issue for me.
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2010 5:12pm

yeah for the same issue i did same as m swillis5 but no change the computer name , just deleted used from the domain and created same with same credentials... and join the pc again to domain ... it working...fine...till... now... since 8 months...
July 10th, 2010 5:09am

I have the same problem in out enterprise enviroment. We resolve the local issue on the PCs, by taking the PC from the domain to local admin account, change the sid, erase the pc name from computers in ad, and rejoining back on the domain. We had one PC which needed this done twice the rest were good after one time. the problem is this happened to about 20 PCs(out of about 800), and since we can't figure out the cause, i'm afraid it will continue to grow. I followed this tread, and pretty much all was followed(updates were done, unique names, sysprep part of our imaging process...). We did add another 2 new domain controllers, Windows server2010, to our enviroment, and all the issues so for are only on out windows7 PCs. the new domain controller servers were added to our colocations in preparation for our final move to this loaction where the old DCs will be retired. any ideas where to start looking? any suggestion? on the server the error log shows the generic error about not being able to resolve the name at the moment they get kicked out, but what is the root cause of this issue?
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2010 5:22pm

I had this issue several years ago because of the imaging process. It was the SID that was duplicated. I used the SID tool that Microsoft used to have to download but I'm not sure if it is still available. Once it is out of the domain though, you would still have to rejoin after you run the SID tool.
August 11th, 2010 3:46pm

This worked for me too, thanks guys! 1 question - why did you change the computer name when you'd deleted the object from AD anyway? Thanks again for the assist here - took 30 mins, instead of "I don't know how long" otherwise. Much appreciation from Ireland!!! :D
Free Windows Admin Tool Kit Click here and download it now
August 12th, 2010 5:38am

I have the same issue, after I reinstalled our backup server for windows 2000 server. I am not sure if it has something to do with it because I never encountered this issues before. However, I have luckily resolved this by rejoining in the domain. First I removed from my domain, going back to ordinary workgroup. Then join the domain again. I change my DNS IP settings pointing to my primary domain controller. After successfully joining the Domain I reset the DNS IP to Obtain DNS automatically. I don't have problem rightnow but I am not satisfied with this sulotions for I am sure I am doing the same process everytime I add a client computer in our domain. Never encountered since I reformat our backup server. And another thing is I have issues on AD replication too.
November 10th, 2010 3:44am

Experienced the same issue. Re-ran the Network ID wizard to re-associate the PC which worked. Why the PC is not renewing it's kerberos ticket when it expires is the next question?
Free Windows Admin Tool Kit Click here and download it now
January 27th, 2011 2:59am

Experienced the same issue. Re-ran the Network ID wizard to re-associate the PC which worked. Why the PC is not renewing it's kerberos ticket when it expires is the next question? Yess... thanks a million. had the same issue here; didn't want to go through rejoining my domain, since everything was in place. I have a Win2008 AD domain, and a Win 7 pro workstation - in which I had this issue. Unplugged the network cable, logged on with (the same) cached credentials, and ran the network wizard when the network cable is back in place... this went just fine, rebooted with the network cable in place, and now I could logon without a problem.
March 3rd, 2011 3:46am

Hi guys... Had the same issue.....Problem fixed using the following simple steps; 1) Logon the problem machine with local administrator account 2) unjoined the machine form the AD domain 3) on the AD server, delete the machine account thumbstone 4) log back on the problem machine with local administrator account 5) join back the AD domain et voila!...... problem solved....worked great for me ;-)
Free Windows Admin Tool Kit Click here and download it now
May 25th, 2011 10:40am

Hi guys... Had the same issue.....Problem fixed using the following simple steps; 1) Logon the problem machine with local administrator account 2) unjoined the machine form the AD domain 3) on the AD server, delete the machine account thumbstone 4) log back on the problem machine with local administrator account 5) join back the AD domain et voila!...... problem solved....worked great for me ;-) Easy enough solution for one or two machines, but what do you do if you have a site that covers a metropolitan area and you have 30-40+ machines that drop out DAILY?! I need to to know what variables contribute to the password mismatch. I understand that it happens but how can I prevent it from happening?! Anyone?
June 14th, 2011 3:23pm

All of this is well and good... but what if you get the same error when logging onto the "local" administrators account? When logging on to the local admin account it shouldn't even be looking for a domain controller?? Furthermore, if I pull the cable out of the machine and try to logon to the local admin account, I get " There are currently no logon servers available to service the logon request". So how do you fix the problem if you can't get into the local admin account?? I'm using Windows Server 2008 Std. for DC and Windows 7 Professional for Workstation.... so this is definately not a Vista problem!!
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2011 10:54am

Ok... I was using the wrong computer name when logging in local admin... I am now fixed until it does it again somewhere else...
June 27th, 2011 2:17pm

We've been experiencing similar issues in our office. I found that computers had been pulling incorrect Group Policy. 1.) gpedit.msc 2.) Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Security Options 3.) Find where it says "Network security: Configure encryption types allowed for Kerberos" 4.) Check ALL of the boxes (or whichever kerberos encryption types your enterprise uses) 5.) Reboot, and fixed! Hope this helps someone.
Free Windows Admin Tool Kit Click here and download it now
July 8th, 2011 8:45am

Are all these Server 2008 R2 running Native? And, has anyone tried installing SP1? Kerberos encryption is not an issue. Rejoining domain did not fix issue. Removing Accounts and recreating did not fix it. SID are not an issue because we are using PXE boot not imaging. Suspicion about accounts maybe stemming from an old 2003 templet, but not sure. Right now we are removing the 3 old 2003 DC from our network, and upgrading our other 8 DCs to SP1.
July 11th, 2011 12:01pm

Bauer52x, I just had this issue and tried your fix from above and it worked. Thanks for posting it. Has the machine you had this happen to been working fine for you? I see you posted 5 days ago so I'm wondering if all is still well for you. Thanks, Mike
Free Windows Admin Tool Kit Click here and download it now
August 8th, 2011 11:06am

Thanks man. I searched everywhere for a solution. Yours worked. Many thanks, I won't have to get up early on Monday morning to fix this.
September 10th, 2011 9:47pm

I had the same issue with my win 7 box I resolved it by unplugging the network cable from the computer, logged on with the cash account reconnected the computer to the network then readded to the domain. restarted and had no issues with trust.
Free Windows Admin Tool Kit Click here and download it now
November 18th, 2011 10:31am

HI TO ALL, I HAD THE SAME PROBLEM, BUT IN MY CASE AND PROBABLY IN MUCH OF YOURS.... THE PROBLEM IS THE ANTIVIRUS SOFTWARE, HERE WE USE SYMANTEC AND WHEN I DISABLE IT (PERMANENTLY) THE MACHINE CONNECT AND AUTENTICATE FINE TO THE DOMAIN. THEN WHEN LOGGED IN THE MACHINE WITH DOMAIN CREDENTIALS I REENABLE THE ANTIVIRUS SOFTWARE. WUALAAAAA!!!!! ALL IS PERFECT. I HOPE BE USEFULL. jrober2p jrober2p@hotmail.com
February 3rd, 2012 1:01pm

Bauer52, Thanks for posting. This worked succesfully for the below:) The trust relationship between this workstation and the primary domain failed. Thanks, Bala...
Free Windows Admin Tool Kit Click here and download it now
March 21st, 2012 9:06am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics