Trust Relationship between Domain and Member

When you log on to domain you may receive the following error:

 The trust relationship between this workstation and the primary domain failed.

This may happen because of the following reasons:

1. Machine account for the member computer wasn’t updated with PDC within 30 days or maximumpasswordage registry entry was set too low and that time PDC wasn’t available.

2. Member computer account is not known by domain and has lost its GUID.

This is absloutely a Netlogon Secure channel issue.

To recover from this:

1. Start Windows 2000 Server.

2. Let the login screen come up. (Do not try to get in). TCP/IP stack is loaded properly here.

3. Next use *Netdom* utility (remotely) to reset computer account for this workstation. You can do so from a member computer or PDC itself.


You can run this command remotely on a computer that interacts with desktop using PSEXEC from

Netdom utility is part of Support Tools.

Sometimes you may get above error if Netlogon service is stopped for no reason. You can start this service using MMC console from a member computer.

5 thoughts on “Trust Relationship between Domain and Member”

  1. Hi Nirmal ,
    I have browsed the web site for solution for several days, and only your explanation makes sense ; as per web page
    The problem is every time I restored the Ghost image, I got this “Trust relationship failed” error. I don’t have Domain administrator rights to re-join the workstation to the Domain (this fix the problem every time) ; and it is annoying to bother the domain adminstrator to re-join the workstation to the Domain. I only have local administrator & domain user rights.
    Is there a way to fix this problem after restoring Ghost image ; or another solution better than using Ghost in restoring workstation image to Domain ?

    Thank you and looking forward for your expertee ‘s advice ,


    (MCSE, CNE)

  2. Hi,

    You may have the following issues with your restoration/image:

    1. Ghost image wasn’t build properly. Is this happening with all the clients?
    2. You’re restoring a image which is 30 days old. Computer account passwords get expired within 30 days. Domain member computers must update password with DC within said days.


Leave a Reply

Your email address will not be published. Required fields are marked *