The trust relationship between this workstation and the primary domain failed VMware snapshot

-
This article describes a really quick way to fix the error "The trust relationship between this workstation and the primary domain failed" on a VMware virtual machine snapshot.  A permanent fix is also included at the end of the article.

Cause

For me, this error occurs all the time when I revert to snapshots of my virtual machines within VMware Workstation.  In fact, I already blogged about how to fix this issue on Nano Server here: http://howardsimpson.blogspot.co.uk/2017/09/fix-microsoft-nano-server-wont-logon-to-domain.html

The error actually describes the problem quite well.  The domain member and domain controller have a trust in the form of cryptographic data.  As you change snapshot, the domain member's data no longer matches the domain controller.

Fix

Shut Down

If your snapshot is shut down, the error will surface on the login screen when you boot the VM


There are two ways to fix this:

Fix 1
Firstly, you can log in as a local account...  some articles then talk about adding the workstation to a workgroup, restarting, then adding it to the domain again and restarting again!  A much faster way is to run the following command to reset the trust:

Reset-ComputerMachinePassword -credential <domain>\administrator

You can now logout of the local account and should now be able to login as a domain account.  You can even put this command in a little PowerShell script so it's even quicker to run (e.g. c:\resettrust.ps1).

Fix 2
The other way to fix this is essentially the same except that you run that command from your domain controller - simply connect to the domain member over PowerShell then reset the trust:

First, on the DC, add the workstation to trusted hosts so PowerShell can connect:
set-item wsman:\localhost\client\trustedhosts <workstation IP address>

Tip: Set a static IP address on the workstation so you don't have to change this between snapshots.

Then connect from the DC to the DM over PowerShell
Enter-PSsession -computername <workstation IP address> -credential <domain>\administrator

Once you're connected, run the same command as above to reset the trust
Reset-ComputerMachinePassword -credential <domain>\administrator

You should now be able to login to the domain member.

Booted

If your snapshot is booted, you will already be logged in to the VM so it might not be apparent that the trust relationship has failed.  Shift-right click an application and Run as different user to find out:



To fix the trust, on the DM, run the same PowerShell command as per the shut down method above:
Reset-ComputerMachinePassword -credential <domain>\administrator


You can also run the following command to verify the trust relationship:
nltest.exe /server:<workstation host name> /sc_query:<domain>


Permanent Fix

A long term permanent fix to this problem is to disable machine account password changes in group policy.

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Domain member: Disable machine account password changes > Enabled

Comments

  1. Unknown10 June 2020 at 03:00

    Thank you so much for this post, it solved my issue!

    ReplyDelete
    Replies
    1. Unknown20 October 2020 at 20:46

      Did you try the permanent fix? That change is supposed to be put in place in the Domain Member or the Domain Controller? Didn't quite get that part.

      Delete
    2. Howard Simpson21 October 2020 at 09:15

      That change is put in place by using Group Policy Management on the Domain Controller to edit group policy e.g. the Default Domain Policy. You then gpupdate or restart the Domain Member to apply the change.

      Delete
    3. Unknown22 October 2020 at 01:12

      Thanks, Howard! Great article, btw. I have applied the change as you instructed. Hopefully that will be the last I will of this annoying problem.

      Delete

Post a Comment

Popular posts from this blog

LG TV This app will now restart to free up more memory

-
Image
This post describes how to fix the error "This app will now restart to free up more memory" which can occur when using apps such as Netflix on an LG TV after just a few minutes of use. Resolution To resolve the issue, unplug the TV then press the on/off button for 10 seconds.  Wait a further 20 seconds then plug the TV back in and turn it back on. Apps should now run without the error. Edit: The on/off button on my LG TV is directly under the standby light on the bottom of the TV. Edit: I didn't have to do this myself but one person who has left a comment said that clearing all browsing data worked for them.  I have written a post explaining how to do this: LG TV Clear All Browsing History Data . Edit: A few other people have also suggested turning off quick start in settings (and if it's already off, turn it on then off again).  I have written a post explaining how to do this: LG TV turn off Quick Start in settings Related Posts -  LG TV delete/remove/hide ch
Read more

LG TV Clear All Browsing History Data

-
Image
This post describes how to clear all browsing history data from an LG TV. This is one way to resolve the error " This app will now restart to free up more memory " sometimes seen on LG TVs. Process The process to clear all browsing history data is as follows: 1. Press the Home button on the remote control and keep pressing right until you find the Web Browser then open it. 2. Scroll the wheel on the remote control to reveal the pointer on screen, then press the three dots stacked vertically (located in the top right of the screen, next to the close button) to open the Menu. 3. Select Settings from the Menu. 4. Scroll to the bottom of the Settings to reach the Clear Browsing Data section. 5. Press the Clear All Browsing Data button then press Yes to confirm. Related Posts -  LG TV turn off Quick Start in settings -  LG TV move or delete apps and shortcuts on home screen
Read more

LG TV turn off Quick Start in settings

-
Image
This post describes how to turn off Quick Start on an LG TV. This is one way to resolve the error " This app will now restart to free up more memory " sometimes seen on LG TVs. Process The process to turn off Quick Start on my LG TV is as follows: 1. Press the Settings (cog icon) on the remote control, this opens the side settings menu on the right hand side of the TV screen. 2. Go down to All Settings (the three dots icon that turns into a cog icon on the screen) then click. 3. Go down until you reach General (the cog and spanner icon) 4. Press right then down until you reach Quick Start+ (note: you may need to select Additional Settings before doing this on some LG TVs). 5. Toggle Quick Start+ to the off position (the circle should slide to the left): Related Posts -  LG TV Clear All Browsing History Data -  LG TV move or delete apps and shortcuts on home screen
Read more