asked on

fix for 'no computer account for domain trust relationship' domain login error

Microsoft updates claimed another machine. this domain workstation this morning gives the 'no computer account for trust relationship' error refusing login to domain network/server. i can disconnect the Ethernet cable, log in, reconnect the cable and all is perfect. this is a doc workstation with client server patient management, xray, patient charts, plus all the usual suspects. 6 mo old Dell 640 single Server 2016 domain controller, dhcp role, dns role, os raid 1, data 8 drive raid 6. medium size dental practice.

i know to recreate the trust the hard way but will recreate user and loose his desktop, setting etc which i would prefer to avoid as would he.

can i reestablish the computer account trust via a simpler and less destructive procedure?

strivoli

You can disjoin a PC from Domain and rejoin without loosing any User, Profile, ...

strivoli

Did you try searching a newer Driver for the NIC? Login is allowed even though connection PC/AD is not fully working. NIC might get fully connected a few seconds after the User tries to login. A newer NIC Driver might help.

Hello There

You can use Powershell command:

Test-ComputerSecureChannel -Repair

Open in new window

i know to recreate the trust the hard way but will recreate user and lose his desktop, setting etc which i would prefer to avoid as would he.

A hard way? If you get the domain trust error, a solution is to disjoin the computer from the domain, then delete the computer account from Active Directory and join the computer back to the domain... Or you can use the command I provided. You don't lose any user settings or data. It has nothing to do with a user, it's computer<->domain trust issue.

Chris Cadey

Log on as local admin,

disconnect machine from domain

re add to domain,

Like Hello There says, it shouldn't affect the users domain profile, it will still be there after the re add.

Tim Livers

ASKER

Interesting. I assume you replace test with something local?

Tim Livers

ASKER

I did the local admin procedure on another of the exact same error earlier and it reset the user profile and I had to recreate plus lost all local passwords

Chris Cadey

join it to a 'workgroup' to get out of the domain

Tim Livers

ASKER

That’s what I meant by the hard way. It recreated the computer trust but was a major headache

Tim Livers

ASKER

Did the workgroup join as part of the reset. Then rejoined. That’s the session that while fixed trust, lost profile.

Hello There

Interesting. I assume you replace test with something local?

If this is a response to me, the answer is no. You use the command as it is.

If you lost the profile, something had to be really wrong. I use the procedure I described and I've never lost anything.
I'd say this was an exception and you shouldn't be worried to disjoin the computer from a domain next time.

Tom Cieslik

This is NOT hard way !
I did it many time in my life. If for some reason trust between computer and domain controller failed only one way to repair it is to remove computer from domain then re-join again.
There is no consequences this action.
Only one think you must know is local user password and local user must be a member of local Administrators group

Tim Livers

ASKER

To Hello there,

ref

test-computersecurechannel - repair

im onsite and have run your powershell command (as administrator) and it returns 'FALSE'. with and without the '-repair' I had as associate recreate the computer trust issue on a test server/lan and tested this command and it returned true without the -repair. with the -repair it returned the original computer trust denied error.

thoughts?

Thx

This question needs an answer!

Become an EE member today

7 DAY FREE TRIAL

Members can start a 7-Day Free trial then enjoy unlimited access to the platform.

View membership options

Learn why we charge membership fees

We get it - no one likes a content blocker. Take one extra minute and find out why we block content.