Domain – Trust relationship between this workstation and the primary domain has failed

domain, windows 7, windows-server-2008

I have one laptop used by one user that keeps getting the following error and is unable to log in.

Trust relationship between this workstation and the primary domain has failed

Can anyone help tell me what is causing this and what I can do to stop it happening?

I have tried reformatting, which helps for a while. I have also tried reformatting with a new name, which helped for a while.

This problem has not affected any other user or computer which suggests it is not a problem with the domain but I don't know what to do to stop it happening.

Best Answer

When a computer joins an AD domain, a complex password is generated by the workstation and knowledge of it is sent to the DC handling the join operation. By default, workstations joined to a domain will expire their own machine account passwords every 30 days. The workstation will create a new machine password and notify the domain about it.

I see the "trust relationship... failed" error all the time when reverting to older VM snapshots. The workstation expires its password and sends an updated one to the DC. Reverting the workstation VM to a snapshot and trying to log in with a domain account causes the error. This is because the DC has the newer pw and the VM has the older one. It is this loss of synchronization that typically leads to the error you describe.

Machine account password expiration is actually initiated by the workstation, so you can disable it just for this problem machine. Although there is a slight elevation of risk, I make this change to all my test VM workstations before saving snapshots. The registry info is:

Key: HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Variable: DisablePasswordChange
Type: DWORD
Value: 1

This info is all available from the following Microsoft KB article:

How to disable automatic machine account password changes
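
A check for the state the answer above describes, as an added example that is not part of the original answer: it reads the Netlogon rotation settings on the workstation and tests whether the machine account password still matches the domain's copy. It assumes an elevated Windows PowerShell session on the domain-joined machine; the `MaximumPasswordAge` value and the `Test-ComputerSecureChannel` cmdlet are not mentioned on the page.

```powershell
# Added example: report machine-account password rotation settings and
# whether the workstation's secure channel to the domain is still valid.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonDword {
    param([string]$Name, [int]$Default)
    # A missing value means Netlogon falls back to its built-in default.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.$Name } else { $Default }
}

# 0 (or absent) = workstation rotates its password; 1 = rotation disabled.
$disable = Get-NetlogonDword -Name 'DisablePasswordChange' -Default 0
# Rotation interval in days; 30 is the default stated in the answer.
$maxAge  = Get-NetlogonDword -Name 'MaximumPasswordAge' -Default 30

# Returns $true when the local machine password matches the domain's copy.
# A reverted snapshot or restored image typically makes this $false.
try {
    $trustOk = Test-ComputerSecureChannel -ErrorAction Stop
} catch {
    $trustOk = $false
    Write-Warning "Secure channel test could not complete: $($_.Exception.Message)"
}

New-Object PSObject -Property @{
    ComputerName          = $env:COMPUTERNAME
    DisablePasswordChange = $disable
    MaximumPasswordAge    = $maxAge
    SecureChannelValid    = $trustOk
} | Format-List

if (-not $trustOk) {
    Write-Warning 'Machine password is out of sync with the domain (trust relationship failed).'
}
if ($disable -eq 1) {
    # The answer notes a slight elevation of risk; record such machines as exceptions.
    Write-Warning 'Automatic machine account password changes are disabled on this machine.'
}
```

Running the same check across a fleet shows which machines have rotation disabled, so the exception stays limited to the problem machine or test VMs.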