Hi,
To fix the trust relationship between the domain and workstation, disjoint then rejoin the machine to domain.
Please don't forget to mark this reply as answer if it help you to fix your issue
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We cannot log in the windows 2016 by Personal ID,the error message is "The trust relationship between this workstation and the primary domain failed".
I logged in by admin ID and checked the log message.The log content is as below.Would you please tell me how to fix it?
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from server snetdb02$.The target name used was SNETDB02$.This indicates that the target server has failed to decrypt the ticket that is provided by the client.This occurs when the principal name (SPN) of the target server is registered with an account other than the account used by the target service.The target SPN should only be registered on the account used by the server.This error can also occur if the password for the target service account is different than the password configured in the Kerberos Key Distribution Center (KDC) for the target service.Verify that both the service and the KDC on the server are configured to use the same password.If the target domain (SNETOC.SNIJP.LOCAL) is different from the client domain (SNETOC.SNIJP.LOCAL) and the server name is not fully qualified, check for the server account with the same name in these two domains or use the fully qualified name to specify the server."
Hi,
To fix the trust relationship between the domain and workstation, disjoint then rejoin the machine to domain.
Please don't forget to mark this reply as answer if it help you to fix your issue
Hi,
Firstly, i would suggest you try one of the following way(PowerShell command) :
1,Test-ComputerSecureChannel,
If the result is failed, you can try to repaire it buy the command :
Test-ComputerSecureChannel -Repair
https://video2.skills-academy.com/en-us/powershell/module/Microsoft.PowerShell.Management/Test-ComputerSecureChannel?view=powershell-5.1&viewFallbackFrom=powershell-3.05.1&viewFallbackFrom=powershell-3.
2,Reset the password for the local computer
https://video2.skills-academy.com/en-us/powershell/module/microsoft.powershell.management/reset-computermachinepassword?view=powershell-5.1
If it didn't work for you , you can the dis-joined and rejoined to the domain.
If there are any updates, welcome to share here!
Best Regards,
================================================================================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
Then more infromation need to be researched .It seeems like the replication between DCs is not sync or one of the DCs failed .
I would recommend you check if the AD is healthy firstly,you can check that by command and check if any errors will happen :
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *
Repadmin /syncall /APeD
Best Regards,