如果您在域环境中尝试登录运行Windows 10的计算机时,收到错误消息“此工作站与主域之间的信任关系失败(The trust relationship between this workstation and the primary domain failed)”,那么本文旨在帮助您找到最合适的解决方案解决问题。
由于“密码不匹配”而发生此错误。在Active Directory环境中,每个计算机帐户也有一个内部密码——如果存储在成员服务器中的计算机帐户密码副本与存储在域控制器上的密码副本不同步,则信任关系将是结果坏了。
此工作站与主域之间的信任关系失败
如果您遇到此问题,您可以尝试以下我们推荐的解决方案(不分先后顺序),看看是否有助于解决问题。
- 将计算机重新连接到域
- 重新建立信任
- 将域控制器添加(Add Domain Controller)到凭据管理器(Credential Manager)
- 重置计算机帐户
让我们看一下关于列出的每个解决方案所涉及的过程的描述。
1]将计算机重新连接(Reconnect)到域
Microsoft推荐的此解决方案要求您简单地将无法登录的计算机重新连接到域。
要将计算机重新连接到域,请执行以下操作:
- (Log)使用本地管理员帐户(local administrator account)登录到客户端计算机。
- 右键单击这台电脑(This PC) 并选择 属性(Properties)。
- 在左侧窗格中选择高级系统设置(Advanced system settings) 以打开 系统属性(System Properties) 窗口。
- 单击计算机名称(Computer Name)选项卡。
- 单击更改(Change) 按钮。
- 在“ Computer Name/Domain Changes” 窗口中,选中 “成员”(Member of) 标题 下的“ 工作组”并键入工作组名称。(Workgroup)
- 单击 “确定(OK) ”进行确认。
- 输入(Enter)有权将此计算机从域中删除的帐户的名称和密码。
- 单击 确定 (OK )并根据提示重新启动计算机。
- 接下来,使用本地管理员帐户重新登录到您的计算机,然后再次导航到“Computer Name/Domain Changes 窗口。
- 现在,这次检查部分成员下的(Member of) 域 。(Domain)
- 键入域的名称。
- 单击确定(OK)。
- 现在,输入域管理员帐户的帐户和密码。
- 单击“确定(OK) ”进行确认。
- 重新启动计算机。
在启动时,您可以使用您的域用户帐户成功登录。
2]重新建立信任
此解决方案需要您重新建立域控制器与客户端之间的信任,以解决此工作站与主域之间的信任关系失败(The trust relationship between this workstation and the primary domain failed)问题。就是这样:
- 按Windows key + X打开高级用户菜单。
- 点击键盘上的A以在管理员/提升模式下启动PowerShell 。
- 在PowerShell控制台中,输入或复制并粘贴以下命令,然后按 Enter(Enter):
$credential = Get-Credential
- 我(I)将域管理员帐户的用户名和密码输入到Windows PowerShell 凭据请求(Windows PowerShell credentials request)弹出登录对话框中。
- 单击确定(OK)。
- 接下来,键入或复制以下命令并将其粘贴到PowerShell窗口中,然后按 Enter(Enter):
Reset-ComputerMachinePassword -Credential $credential
- 命令执行后,退出PowerShell。
- 重新启动计算机。
现在,您可以使用域用户帐户登录您的设备并检查问题是否已解决。
3]将域控制器添加(Add Domain Controller)到凭据管理器(Credential Manager)
此解决方案要求您简单地将域控制器添加到Credential Manager。
要将域控制器添加到凭据管理器,请执行以下操作:
- 按Windows key + R调用“运行”对话框。
- 在“运行”(Run)对话框中,键入 control 并按Enter以打开“控制面板(open Control Panel)” 。
- 导航到用户帐户 (User Accounts )> 凭据管理器(Credential Manager)。
- 选择Windows 凭据(Windows Credentials)。
- 单击添加 Windows 凭据(Add a Windows credential)。
- 在对话窗口中,输入网站地址或网络位置以及您的凭据。
- 单击确定(OK) 按钮以保存更改。
- 重新启动计算机。
您现在应该能够毫无问题地在域环境中登录您的计算机。
4]重置计算机帐户
此解决方案要求您重置引发错误消息的计算机的帐户。
要重置计算机帐户,请执行以下操作:
- 按Windows key + R调用“运行”对话框。
- 在“运行”对话框中,键入dsa.msc并按Enter以打开 Active Directory 用户(Active Directory User)和计算机(Computers)控制台。
- 双击(Double-click)域名展开。
- 选择计算机(Computer)。
- 在右窗格中,右键单击无法连接到域的计算机帐户
- 选择重置帐户(Reset Account)。
- 单击 “是” (Yes )确认操作。
- 重新启动计算机。
希望这可以帮助!
The trust relationship between this workstation & the primary domain failed
Іf when you try log оn to a computer that is running Wіndows 10 in a domain envirоnment, and you receive the error meѕsage The trust relationship between this workstation and the primary domain failed, then this post is intended to help you with the most suitable solution to resolve the issue.
This error occurs because of a “password mismatch.” In Active Directory environments, each computer account also has an internal password – if the copy of the computer account password that is stored within the member server gets out of sync with the password copy that is stored on the domain controller then the trust relationship will be broken as a result.
The trust relationship between this workstation and the primary domain failed
If you’re faced with this issue, you can try our recommended solutions below in no particular order and see if that helps to resolve the issue.
- Reconnect the computer to the Domain
- Re-establish Trust
- Add Domain Controller to Credential Manager
- Reset Computer Account
Let’s take a look at the description of the process involved concerning each of the listed solutions.
1] Reconnect the computer to the Domain
This solution as recommended by Microsoft requires you to simply reconnect the computer failing to log on, to the domain.
To reconnect the computer to the domain, do the following:
- Log on to the client computer with a local administrator account.
- Right-click This PC and choose Properties.
- Choose Advanced system settings in the left pane to open System Properties window.
- Click Computer Name tab.
- Click Change button.
- In the Computer Name/Domain Changes window, check Workgroup under the Member of heading and type a workgroup name.
- Click OK to confirm.
- Enter the name and password of an account with permission to remove this computer from the domain.
- Click OK and restart your computer as prompted.
- Next, log back to your computer with a local administrator account and navigate to Computer Name/Domain Changes window again.
- Now, check Domain under Member of section this time.
- Type the name of the domain.
- Click OK.
- Now, enter the account and password of a domain administrator account.
- Click OK to confirm.
- Restart computer.
On boot, you can log on with your domain user account successfully.
2] Re-establish Trust
This solution requires you to re-establish trust between the domain controller and client to resolve The trust relationship between this workstation and the primary domain failed issue. Here’s how:
- Press Windows key + X to open Power User Menu.
- Tap A on the keyboard to launch PowerShell in admin/elevated mode.
- In the PowerShell console, type in or copy and paste the command below and hit Enter:
$credential = Get-Credential
- Input the user name and password of the domain administrator account into the Windows PowerShell credentials request pop-up login dialog.
- Click OK.
- Next, type or copy and paste the command below into PowerShell window and hit Enter:
Reset-ComputerMachinePassword -Credential $credential
- Once the command executes, exit PowerShell.
- Restart computer.
Now, you can use domain user account to log on your device and check if the issue is fixed.
3] Add Domain Controller to Credential Manager
This solution requires you to simply add the domain controller to the Credential Manager.
To add Domain Controller to Credential Manager, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type control and hit Enter to open Control Panel.
- Navigate to User Accounts > Credential Manager.
- Choose Windows Credentials.
- Click Add a Windows credential.
- In the dialog window, enter the address of the website or network location and your credentials.
- Click OK button to save the changes.
- Restart computer.
You should now be able to log on to your computer in the domain environment without problem.
4] Reset Computer Account
This solution requires you to reset the account of the computer which throws the error message.
To reset the computer account, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type dsa.msc and hit Enter to open Active Directory User and Computers console.
- Double-click the domain name to expand.
- Choose Computer.
- In the right pane, right-click the computer account that failed to connect to the domain
- Choose Reset Account.
- Click Yes to confirm the operation.
- Restart computer.
Hope this helps!