Are you trying to fix the broken trust relationship between workstation and domain?
This guide will help you.
Broken trust relationship between workstation and domain happens when a user tries to log in to the workstation using domain credentials.
This issues occurs when the machine you are trying to access can no longer communicate securely with the Active Directory domain to which it is joined.
In this context, we shall look into how to fix this Windows error.
In order to resolve this error, we remove the computer from the domain and then connect the computer to the domain:
1. First, we use a local administrator account to log on to the computer.
2. Next, we select Start, press, and hold (or right-click) Computer >> Properties.
3. After that, we select Change settings next to the computer name.
4. On the Computer Name tab, we select Change.
5. Then under the Member of heading, we select Workgroup and type a workgroup name and then select OK.
6. We click on Ok when we are prompted to restart the computer.
7. Then on the Computer Name tab, we select Change again.
8. Under the Member of heading, we select Domain and then type the domain name.
9. After that, we select OK and then type the credentials of the user who has permissions in the domain.
10. Finally, when we are prompted to restart the computer, we select OK and restart the computer.
Another way to resolve this error is by using PowerShell.
1. First, we open the PowerShell console using the Test-ComputerSecureChannel cmdlet:
2. In case, if the passwords do not match and the computer cannot establish a trust relationship with the domain, the command will return the below message:
False – The Secure channel between the local computer and the domain ibmimedia.com is broken.
3. Then to force a reset, we run the below command:
Test-ComputerSecureChannel –Repair –Credential (Get-Credential)
4. Then to reset a password, we enter the credentials of a user account having the privilege to reset a computer account password.
The user must be delegated the permissions to manage computers in Active Directory.
5. Then we run Test-ComputerSecureChannel again to make sure it returns True.
6. So the computer password has been reset without a restart or manual domain rejoin.
Now we can logon to the computer using the domain account.