This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 45%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
We cannot log in the windows 2016 by Personal ID,the error message is "The trust relationship between this workstation and the primary domain failed".
I logged in by admin ID and checked the log message.The log content is as below.Would you please tell me how to fix it?
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from server snetdb02$.The target name used was SNETDB02$.This indicates that the target server has failed to decrypt the ticket that is provided by the client.This occurs when the principal name (SPN) of the target server is registered with an account other than the account used by the target service.The target SPN should only be registered on the account used by the server.This error can also occur if the password for the target service account is different than the password configured in the Kerberos Key Distribution Center (KDC) for the target service.Verify that both the service and the KDC on the server are configured to use the same password.If the target domain (SNETOC.SNIJP.LOCAL) is different from the client domain (SNETOC.SNIJP.LOCAL) and the server name is not fully qualified, check for the server account with the same name in these two domains or use the fully qualified name to specify the server."
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
To fix the trust relationship between the domain and workstation, disjoint then rejoin the machine to domain.
Please don't forget to mark this reply as answer if it help you to fix your issue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Firstly, i would suggest you try one of the following way(PowerShell command) :
1,Test-ComputerSecureChannel,
If the result is failed, you can try to repaire it buy the command :
Test-ComputerSecureChannel -Repair
https://video2.skills-academy.com/en-us/powershell/module/Microsoft.PowerShell.Management/Test-ComputerSecureChannel?view=powershell-5.1&viewFallbackFrom=powershell-3.05.1&viewFallbackFrom=powershell-3.
2,Reset the password for the local computer
https://video2.skills-academy.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1
If it didn't work for you , you can the dis-joined and rejoined to the domain.
If there are any updates, welcome to share here!
Best Regards,
================================================================================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,@Xue Mei Xu
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Hi,
I am checking to see if the problem has been resolved.
If there's anything you'd like to know, don't hesitate to ask.
================================================================================================
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Our server applied two patches as below and restarted,then this error appeared and no one can login, Could you confirm if these two patches would lead to this error?
Patch:
windows10.0-kb4565511-x64_fb4dba0ab9f46cec5294eb97ea608cfc32323f63
windows10.0-kb4565912-x64_7054f45ccb8d9e3d64b448b73041654a1e289827
I executed those command (1,Test-ComputerSecureChannel & 2,Reset the password for the local computer ) in the powershell and below is the result of the execution.
Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.
PS C:\Users\Administrator> Test-ComputerSecureChannel
True
PS C:\Users\Administrator> Test-ComputerSecureChannel -Server XXX.XXX.XXX
True
PS C:\Users\Administrator>
PS C:\Users\Administrator> Test-ComputerSecureChannel -Repair
Test-ComputerSecureChannel : ドメイン内のコンピューター アカウントのセキュリティで保護されたチャネル
パスワードをリセットできません。次の例外が原因で操作に失敗しました: ユーザー名またはパスワードが正しくありません。
。
発生場所 行:1 文字:1
PS C:\Users\Administrator> Test-ComputerSecureChannel -verbose
詳細: 対象 "XXX" に対して操作 "Test-ComputerSecureChannel" を実行しています。
True
詳細: ローカル コンピューターとドメイン XXX.XXX.XXX の間のセキュリティで保護されたチャネルは正常です。
PS C:\Users\Administrator> Set-Alias tcsc Test-ComputerSecureChannel
PS C:\Users\Administrator> if (!(tcsc))
> {Write-Host "Connection failed. Reconnect and retry."}
PS C:\Users\Administrator> else { &(.\Get-Servers.ps1) }
PS C:\Users\Administrator> Reset-ComputerMachinePassword
Reset-ComputerMachinePassword : ドメイン内のコンピューター アカウントのセキュリティで保護されたチャネル
パスワードをリセットできません。次の例外が原因で操作に失敗しました: ユーザー名またはパスワードが正しくありません。
。
発生場所 行:1 文字:1
Hi,
Can the local administrator be able to logon to the PC?
Was the method disjoin and rejoin resolve the issue?
Best Regards,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 15%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELW%3C/text%3E%3C/svg%3E)
Hi,
We can logon with administrator ID.(can not logon with Personal ID)
And We did the dis-joined and rejoined to the domain once in the 08/12 when the issue happened fist time.
Although after that we can log in successfully, but after a few days,it failed again with the same error.
Even if we don't do anything, The server sometimes is OK sometimes not.Do we need to do it again?
Hi,
Then more infromation need to be researched .It seeems like the replication between DCs is not sync or one of the DCs failed .
I would recommend you check if the AD is healthy firstly,you can check that by command and check if any errors will happen :
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *
Repadmin /syncall /APeD
Best Regards,
The following error happened.If you need additional information, please let me know
レプリケーションの発行中にエラーが発生しました: 1127 (0x467):
ハード ディスクにアクセスするときに、再試行の後もディスク操作を正しく実行できませんでした。30331-result.txt