IT Error Decoder
Windows Admin

How to Fix The trust relationship between this workstation and the primary domain failed

Error message

The trust relationship between this workstation and the primary domain failed.

If you're seeing "The trust relationship between this workstation and the primary domain failed", you're not alone. Here's what it means, why it happens, and the steps to resolve it.

What this error means

The machine's secure channel password is out of sync with what the domain controller has on file, so the computer can't authenticate to the domain.

Why this happens

The computer was offline or restored from a snapshot for too long, was rejoined or removed from the domain, or the computer account password was reset out-of-band.

Step-by-step fix

  1. Sign in locally as a local administrator.

  2. Reset the secure channel without unjoining the domain (preferred).

    command
    Reset-ComputerMachinePassword -Server <DC-FQDN> -Credential (Get-Credential)

  3. If that fails, test and repair the secure channel.

    command
    Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

  4. Reboot and sign in with a domain account.

Affected products

Windows Admin

Still broken? Try these

  • Confirm time sync — Kerberos breaks if clock skew exceeds 5 minutes.
  • Check the computer account exists and isn't disabled in AD.
  • As a last resort, unjoin and rejoin the domain (this changes the SID-bound account).

Related errors

Frequently asked questions

What does "The trust relationship between this workstation and the primary domain failed" mean?

The machine's secure channel password is out of sync with what the domain controller has on file, so the computer can't authenticate to the domain.

What causes "The trust relationship between this workstation and the primary domain failed"?

The computer was offline or restored from a snapshot for too long, was rejoined or removed from the domain, or the computer account password was reset out-of-band.

How do I fix "The trust relationship between this workstation and the primary domain failed"?

1. Sign in locally as a local administrator. 2. Reset the secure channel without unjoining the domain (preferred). 3. If that fails, test and repair the secure channel. 4. Reboot and sign in with a domain account. Always test changes in a non-production environment first.

Browse more errors in Windows Admin: Fix Windows administration errors. Access denied, RPC server unavailable, trust relationship failures, Group Policy errors, and network path issues. Or paste your own error into the error decoder tool to find a match. You can also go back to the homepage to browse common errors by topic.