September 29th, 2015

The trust relationship between this workstation and the primary domain failed, what does this mean?

Just like users, machines have domain accounts. And just like user accounts, machine accounts have passwords. And just like user account passwords, machine account passwords expire (by default, every 30 days). Now, you don’t normally notice any of this because machines automatically change their machine account passwords before they expire.

Well, you notice it when something gets messed up.

One way you can trigger a password mismatch is to roll back a VM past a password change point. The machine will roll back to using the old password, which is not the correct password any more.

Another way you can run into this is by leaving a machine off the network for a few months. The machine password on the domain will expire, and the machine will be locked out of the domain.

If you get into this state, the standard solution is to leave the domain, and then rejoin it.

Bonus reading: How to disable automatic machine account password changes. The article also describes why machine account passwords expire in the first place.

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.