
2017-06-13

[PowerShell]: The trust relationship between this workstation and the primary domain failed


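Use [PowerShell]: Reset-ComputerMachinePassword to fix a failed trust relationship between the primary domain and a workstation.
There is no need to go through the "System Properties" tool several times to leave the domain and then rejoin it.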

If you encounter:

The trust relationship between this workstation and the primary domain failed.
(Traditional Chinese Windows displays: 此工作站和主網域之間的信任關係失敗)

-- 01_Domain account logon_failed



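Steps to reproduce the error:

  1. A VM environment that is already joined to a Windows AD (Active Directory) domain
  2. For some reason, a snapshot is used to revert the VM to a specific point in time
  3. When you log on to the domain environment again, you will hit this error

Operating system used for the demonstration:
Windows Server 2012 R2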



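[PowerShell]: Reset-ComputerMachinePassword

Use [PowerShell]: Reset-ComputerMachinePassword to reset this computer's password, which the computer then uses to authenticate to the domain controller.
This fixes the failed trust relationship between the primary domain and the workstation.

Reset-ComputerMachinePassword syntax: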

Reset-ComputerMachinePassword -Server {domain controller} -Credential {domain admin}


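Parameters:

-Server: the name of the domain controller.

-Credential: an account that has permission to perform this operation. The cmdlet then opens a prompt window; enter the password there.
This parameter was introduced in Windows PowerShell 3.0.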



Example: [PowerShell]: Reset-ComputerMachinePassword

Step 01: If logon with a domain account fails, log on with the local administrator account instead, for example:


.\Administrator

-- 02_Log on as the local administrator instead




Step 02: Run Reset-ComputerMachinePassword

Reset-ComputerMachinePassword -Server DC01 -Credential mydomain\dcdmin

-- 03_PowerShell



Step 03: Enter the password

-- 04_PowerShell_Enter password



-- 05_PowerShell_After entering password




Step 04: [PowerShell]: Restart-Computer, restart the computer

Restart-Computer


-- 06_Restart-Computer





Step 05: After the operating system restarts, things should be back to normal and you can log on to this host with a domain account.
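
The procedure above as one script, added here as an example (not code from the original post): it checks the secure channel with Test-ComputerSecureChannel, resets the machine password only when that check fails, then checks again. DC01 is this page's sample domain controller name, and the 7-day event window is an assumption.

```powershell
# Added example (not from the original post). Run elevated as a local administrator.
param(
    [string]$DomainController = 'DC01'   # sample DC name from this page; replace it
)
$ErrorActionPreference = 'Stop'

function Test-Channel {
    # $true when the locally stored machine account password is still accepted
    # by the domain; a failure to reach the DC is reported as $false as well.
    try   { [bool](Test-ComputerSecureChannel -Server $DomainController) }
    catch { Write-Warning $_.Exception.Message; $false }
}

# A workgroup machine has no secure channel to repair.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "$($cs.Name) is not joined to a domain." }

if (Test-Channel) {
    Write-Output "Secure channel to $DomainController is healthy; no reset needed."
    return
}

# Show recent NETLOGON errors from the System log (Level 2 = Error) as evidence
# of when the failure started, for example right after a snapshot revert.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Level = 2
    StartTime = (Get-Date).AddDays(-7)
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message

# Get-Credential prompts for the password, so it never appears on the command
# line or in the PowerShell history.
$cred = Get-Credential -Message 'Domain account allowed to reset this computer password'
Reset-ComputerMachinePassword -Server $DomainController -Credential $cred

if (Test-Channel) {
    Write-Output 'Secure channel repaired. Restart the computer, then log on with a domain account.'
} else {
    Write-Warning 'Secure channel is still broken; check DC reachability and the account permissions.'
}
```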



Error message

This computer could not authenticate with \\XYZ01.XYZ.XYZ, a Windows domain controller 
for domain XYZ , and therefore this computer might deny logon requests. 

This inability to authenticate might be caused by another computer on the same network
 using the same name or the password for this computer account is not recognized. 

If this message appears again, contact your system administrator.


-- 07_Windows_Event_Logs_NETLOGON

 

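-- 08_Domain accounts shown as SIDs, authentication lost



-- 09_After re-authenticating with the domain controller, the SID accounts are back to their correct names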





Solutions

To fix
The trust relationship between this workstation and the primary domain failed.

you can use the following options:

(1) [PowerShell]: Reset-ComputerMachinePassword

Reset-ComputerMachinePassword
https://msdn.microsoft.com/powershell/reference/5.1/microsoft.powershell.management/Reset-ComputerMachinePassword

(2) Leave the domain, then rejoin it

"The trust relationship between this workstation and the primary domain failed" error when you log in to Windows 7
https://support.microsoft.com/en-us/help/2771040/-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed-error-when-you-log-on-to-a-computer-that-is-running-windows-7


(3) Netdom

Applies to Windows Server 2003, Windows Server 2008, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012, Windows Server 2003 with SP1, Windows 8
Because the account password is entered in plaintext, use it with caution.

Netdom
https://technet.microsoft.com/en-us/library/cc788049(v=ws.11).aspx



