How to establish trust relationship when logging in with the old password and network disabled

domain-controllerpasswordtrust-relationship

I have two computers in the same domain that I use, recently I changed the domain password on one of them.

When I tried to login with the same account on the other machine I get:

The trust relationship between this workstation and the primary domain failed.

I knew that I can log with that account and the old password if I just disable the network connection. So I logged in with the network disabled and the old password and it work.
If I try to refresh the trust by locking and unlocking this time with the network enabled I get the same:

The trust relationship between this workstation and the primary domain failed.

If I disable again the network I can log in with the old password. If I enable afterwords the network connection I am able to see the domain dns, etc.

How to establish trust relationship from this situation without having access to domain control server?

Best Answer

If you have no possible network access to the DC you are out of luck. If your network still has access do the below.

Open Powershell as an administrator

Reconnect the network cable

Run Test-ComputerSecureChannel -Credential Domain\Username -Repair at the powershell command prompt.

Additional Note: The Domain\Username needs to have enough AD Permissions to reset the computer account password.

Related Solutions

Domain – How to update domain password cache over vpn

With XP you can connect to the VPN first and then login (from the ctrl-alt-del). Just hit ctrl-alt-delete and check the "Log on Using dial-up connect" to get the VPN choice. Connect VPN, then log-in with current domain creds.

I should qualify that a bit. I know you can if you using the built-in VPN client. I'm assuming the same applies with 3rd party clients as well.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Domain – How to update domain password cache over vpn

Ssh – How to automate SSH login with password

Related Topic