The trust relationship between this workstation and the primary domain failed

It is certainly something I've encountered NUMEROUS times when moving VMs around.

People used to just say to take it off the domain and then rejoin, but the easier way is to perform the following to re-establish the secured-channel.

netdom resetpwd /Server:DC /UserD:Administrator /PasswordD:mysuperpassword

http://www.vladan.fr/trust-relationship-workstation-domain-fails-fix-without-double-reboot/

did you leave the original VMs running, or turn them back on after the export, if so YES!

Hi both,

#Andrew, Once I made the did the export, I then powered up the orginal VM and only powered it down prior to me bring up the server on the new infrastructure.

#Matt, which box will I run the command from? Do I have to log into the box with the issue or can you command be issued from another box?

To get it back on the domain and happy again you would run that command from the workstation in question.

So, if you did what I think you saying.....

1. Power off VM
2. Exported it.
3. Power on VM (again).
4. Import VM
5. Turned off original
6. Turn on Imported (exported VM).

This will break the trust. because your copy is outdated, compared to the original, you have sent the VM back in time, and the Domain knows this!

Once it's Exported, you should never turn it on again!

Until it's been Imported!

Ok, sounds good.

I was hoping to carry out some testing before I made the switch over to the new kit but hey, at least I now know what the problem is.

So Ive got three machines which need exporting, can I do them one at a time? For example, Ive got three servers, 1 x Terminal Server, 1 x SQL Server and 1 x domain controller all running Windows 2008 R2. I can just about export one machine per night due to network speed, power it up and then leave off the old ones.

Think that has to be the plan going forward unless you chaps know of any reason why this wont work?

Thanks
SycamoreIT

By doing them one at a time, which one should I do first, the DC (the other two servers are member servers).

Im just worried if I need to roll back to the old DC after a few days and then cant logon due to this error due to the date difference?

So now you know the reason why the trust is failing, because your VM is older than the domain is expected the Server to be!

So Ive got three machines which need exporting, can I do them one at a time? For example, Ive got three servers, 1 x Terminal Server, 1 x SQL Server and 1 x domain controller all running Windows 2008 R2. I can just about export one machine per night due to network speed, power it up and then leave off the old ones.

Yes, that will work perfect, with no issues.

Do the DC first.

1. Power OFF.
2. Export
3. Import
4. Power on in new location.
5. DO NOT TURN ON THE OLD DC, after Export.

Ok, first of three done. The DC is up and running. Going to let it run for the night and ensure its all good then delete the old machine and free up disk space so I can export the others.

Anything I need to look out for when doing Database or Terminal Servers guys?

Thank you.