FIX: Windows 7 Login Error "The trust relationship between this workstation and the primary domain failed."

UPDATE: Omg, awesome! Use PowerShell’s Reset-ComputerMachinePassword, then reboot. Hat tip: Don’t Rejoin to Fix.

Don’t do what I did below. Just run Reset-ComputerMachinePassword in PowerShell and reboot.

Recently, my workstation was suddenly unable to logon to my Windows 2008 domain. After entering my domain username and password at startup, I was presented with the error: “The trust relationship between this workstation and the primary domain failed.”

Ahh, I’ve experienced something similar before and I knew I’d have to rejoin the domain. I hoped and prayed that my user profile wouldn’t be recreated and fortunately, I found a solution that not only worked, but my profile stayed the exact same:

My Computer -> Properties -> Advanced System Settings -> Computer Name -> Network ID… -> This is part of a business network… -> My Company uses a network with a domain -> Next -> Enter your domain username and password -> “An Account for this computer (“COMPUTERNAME”) has been found on the domain “DOMAIN.” Would you like to use this? Yes -> Add the following domain user account (the one you usually logon with) -> Administrator (if that’s how you roll) -> Finish -> Restart.

For those of you looking to resolve your trust issues, I hope this works for you as seamlessly as it did for me.

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.

Posted in Active Directory, Windows
54 comments on “FIX: Windows 7 Login Error "The trust relationship between this workstation and the primary domain failed."
  1. Mark Tigris says:

    I had this problem as well, it was fixed once by flushing the DNS and rebooting, the second time I had to delete the computer from AD and rejoin it back to the domain.

  2. Clement says:

    I tried this but received a message stating access denied. I’m logged in as the administrator trying to add my regular user account…any ideas?

  3. Johnny A says:

    What do you do when you can’t even log on locally? Yes I tried the local administrator and a second local administrator.

    • Charles Mills says:

      You use a password cracker like Offline (I had to and have never had issue using it off of my hiren’s usb disk but this time had to use the MiniXP, then use the pw cracker from the GUI and it finally worked letting me get in to finish fixing)

  4. Gert Breed says:

    Plug out you network cable, use you credentials and wait for it to log on. As soon as it has logged on, plug the net cable back in. Then rejoin or apply hotfix…

  5. Adam Painter says:

    Had a similar problem when a client did a system restore on a Windows 7 PC. Logging into the domain with the cable unplugged worked a treat and the system restore was then able to complete.

  6. Ivan says:

    I had this problem as well, when two workstation with windows 7 ,when try need share folder to another windows 7 with domain (exp:computer name) got error The trust relationship between the primary domain and the trusted domain failed, any idea how to fix this ?

  7. David Brin says:

    Fantastic! I upgraded a Windows 7 client and ran into this error. I was only able to login in Safe Mode but your trick worked like a charm using the same profile. Odd glitch. Thanks for the fix.

  8. evgeni says:

    The easyest way is to rejoin the domain but the trick is that you have to change computer name olso . that fixing the problem

  9. Trent Townsend says:

    Thanks! Great fix without having to recreate/migrate profiles!

  10. Godliving says:

    Thanx Chrissy this worked out for me as well.

  11. Guest says:

    I had brought my work pc (normally connected from home's wireless using work vpn) from home back to the office & got this error when trying to login. I had wifi on while connected via ethernet. I turned wifi off, & was able to login to the network. I opened a CMD prompt & ran "gpudate /force" & it completed successfully. So guessing the dual connection (wifi & ethernet) was somehow conflicting the credentials to the domain.

  12. Hans says:

    Brilliant ! Worked for me.

  13. Bheemaraya Totad says:


  14. Erwin says:

    how about windows server 2008 R2? i have same problem while logon to domain from my windows 2008 server. please help me? i can't found network id in computer name of advanced system setting.

  15. LairBair says:

    Thank you! this worked great!

  16. Rich says:

    The big issue here is whether or not you can log in locally. One thing to check is the computer account in Active Directory. Without disjoin/rejoin, you could find that the computer account itself has been disabled. Enable the computer account and try again.

  17. this problem may fixed by renaming the domain
    the steps as follows

    pluged out the n/w cable then log into the system as administrator
    riht click and take the properties of my computer
    change setting of comuter bname,domain
    on cloputre name tab click change
    convert it tnto work group
    restart the system
    login using local administrator account
    change the setting again from workgroup to domain
    give a computer name and domain name
    if the doian is exist the system is added to the domain on the next restart
    then you can login into the system without any errors

  18. Kathy says:

    It worked!

  19. Paul says:

    Thank You! This fix works when removingadding to the domain fails to resolve the issue!

  20. guest says:

    Thank you very much. This completely solved a trust issue that I was having. The only thing I did differently was I did not add a local user when prompted.

  21. Renuka kasala says:

    wonderful… worked for me…….thank you so much…Renuka

  22. Ron says:

    what if there is a domain problem how can i fix the domain problem. Also how can i also fix a dns server problem

  23. Anisa says:

    I am at the login screen
    Everytime I try to enter the username and pw I get the answer: "the trust relationship betwee…"

    how do I log in?

  24. I created a script around the machinepwd.exe command, thus updating the secure channel password in an automated fashion. I also noticed that the Microsoft Windows Network provider order originally caused the problem (it was at the bottom), so I also added that to my script.

    ' —– ExeScript Options Begin —–
    ' ScriptType: window,activescript,invoker
    ' DestDirectory: %temp%
    ' Icon: default
    ' File: H:MachinePwd.exe
    ' OutputFile: H:Trust_Fix_and_Provider_Order.exe
    ' CompanyName: IT Department
    ' FileDescription: Trust Fix
    ' FileVersion:
    ' LegalCopyright: IT Department
    ' ProductName: Trust Fix
    ' ProductVersion:
    ' —– ExeScript Options End —–
    option explicit
    const HKEY_LOCAL_MACHINE = &H80000002
    Set wshShell = WScript.CreateObject("WScript.Shell")

    Dim LocalComputerName,arrayList,regKey,regObject,selectionStr,myStr,changeStr,otherStr,providerValueName,wshShell

    LocalComputerName = "."

    'how to test current trust, from the command prompt run
    'nltest /sc_query:DOMAIN_NAME

    'fix trust by updating/syncing secure channel password "%comspec% /c title Trust Fix & %temp%machinepwd.exe /updatepwd & echo. & echo This will continue on its own… & ping -n 6>nul",9,true

    'move microsoft windows network to the top
    Set regObject=GetObject("winmgmts:{impersonationLevel=impersonate}!\" & LocalComputerName & "rootdefault:StdRegProv")

    regKey = "SYSTEMCurrentControlSetControlNetworkProviderOrder"
    providerValueName = "ProviderOrder"
    regObject.GetStringValue HKEY_LOCAL_MACHINE,regKey,providerValueName,myStr

    arrayList = Split(myStr, ",")
    selectionStr = False
    If LCase(arrayList(0)) <> "lanmanworkstation" Then
    For i = 0 to UBound(arrayList)
    If LCase(arrayList(i)) <> "lanmanworkstation" Then
    otherStr = otherStr & "," & arrayList(i)
    selectionStr = True
    End If
    If selectionStr = True Then
    changeStr = "LanmanWorkstation" & otherStr
    regObject.SetStringValue HKEY_LOCAL_MACHINE,regKey,providerValueName,changeStr
    msgbox "Trust fix applied and provider order modification complete!", vbokonly + vbinformation, "Fix"
    msgbox Chr(34) & "Microsoft Windows Network" & Chr(34) & " is not available on this system", vbokonly + vbcritical, "Invalid"
    End If
    msgbox "Trust fix applied. Provider order modification not needed.", vbokonly + vbinformation, "Fix"
    End If

    LocalComputerName = ""
    arrayList = ""
    regKey = ""
    regObject = ""
    selectionStr = ""
    myStr = ""
    changeStr = ""
    otherStr = ""
    providerValueName = ""
    wshShell = ""


    'Eddie Jackson

  25. Jason says:

    Thank you – worked for me!

  26. jlo says:

    This worked!

  27. MarkJ says:

    Nice ninja trick! This saved me loads of time on a client site-visit. Keeping the user's profile was huge deal so glad I didn't have to remove and re-add to domain.

  28. Matt says:

    Had a similar issue with SBS 2011 and service pack update.
    Having rebooted server, two Win 7 workstations decided they would allow login to domain. Usually to get round this sort of issue i'd remove them from the domain and then add them back to establish the trust relationship. This didn't work on this occasion and I was pulling my hair out. I kept getting network patth no found. I dedided to update the network driver one one machine and tried it again and this time it successfully added to the domain. Tried the other machine and the same thing.

    Must have been something in the SP update that these workstations didn't like.
    Anyway, just thought I'd share my find.

  29. Thanks for that! Saved me a heap of trouble this morning

  30. Lyman Meng says:

    this works fine, thanks for sharing

  31. Gary Worth says:

    This worked like a charm. Thanks

  32. Charlie Buchanan says:

    Nice original fix that is listed. Thanks. Anyone know what causes this?

  33. khalid khan says:

    @@ Chrissy LeMaire @@ Sir the issue of trust Relationship is in the Server 2008 window.. and there is no Network Id ..i search more but did’t found it .please help …i will be very thankfull if you send me the solution on my email too…
    [email protected] ..
    Anyone please send me email if they have the solution…

  34. eric says:

    Thanks! Great fix without having to recreate/migrate profiles!

  35. Alex Owusu says:

    solved mine….thanks so much!!

  36. Ogi says:

    Just put the computer in workstation exit the domain.
    Go into domain controler, fint the specific computer right click on it and chose restart account. Go to the computer put it bac in the domain and PROBLEM SOLVED!

  37. saikat says:

    Just disconnect the lan and login …it will be logged in

    • Chrissy LeMaire says:

      That just uses cached credentials, and doesn’t solve the problem. PowerShell’s Reset-ComputerMachinePassword is the best way to go.

  38. Excellent Chrissy, I was more than an hour trying to set up the computer, until I read your post and solved the problem, thank you very much for sharing your wisdom with us.

  39. andreas says:

    i had the same issue, laptop had done a recovery without restore point, then wouldn’t let me in. Surprisingly, after a lot of wasted efforts, i entered in safe mode and used my previous password and i was able to enter. Cannot actually understand why the previous password worked and not the current. Now i don’t know what to do and what will happen if i restart my laptop in normal mode. Any help?

  40. teresa says:

    thank you!!!

  41. sankar.r says:

    my laptop not open domain server database error

  42. Minahajhsuen says:

    i get that error again and again

    That`s not permanent solution for the this problem

    please provide me solution for the same

    • Chrissy LeMaire says:

      You can try fixing your domain or setting your computer on fire. Both solutions should work.

  43. charles kaya says:

    hi guys i would like to know how to fix access denied when trying login in multipoint client server 2011 i need your help thinks

  44. vijendra jaiswal says:

    problem is that all time i can not do this, network cable plug out and plug in, can you share fix resolution.

2 Pings/Trackbacks for "FIX: Windows 7 Login Error "The trust relationship between this workstation and the primary domain failed.""
  1. […] Untuk workaround nomor 5 dapet referensi dari netnerd. […]

  2. […] FIX: Windows 7 Login Error “The trust relationship between … – I had this problem as well, it was fixed once by flushing the DNS and rebooting, the second time I had to delete the computer from AD and rejoin it back to the domain…. […]

Leave a Reply to Minahajhsuen Cancel reply