The trust relationship between this workstation and the primary domain failed

4 Mar

I have a set of pooled workstations in Hyper-V using Remote Desktop Services that reset to their original state when a user logs off. I like to call these ‘Throwaway Machines’.

This is great for working with confidential and sensitive data, as well as performing modifications to the operating system as all of this is removed when the machine reverts back to its original state.

However, recently a lot of these pooled machines have dropped off the network, displaying “The trust relationship between this workstation and the primary domain failed” when a user tries to log in.

The issue would appear to be that the machine password changes periodically as a security measure. For most machines this works perfectly well, but when one of the pooled machines resets to its original state, it also reverts to the previous machine password. This no longer matches the new password on the domain, and the trust relationship fails.


To get around this, there is a group policy setting that can be applied to prevent machine passwords from changing periodically:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

  • Domain member: Disable machine account password changes
  • Domain member: Maximum age for machine account password
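
These two policies are stored as the DisablePasswordChange and MaximumPasswordAge values under the Netlogon Parameters registry key. The following PowerShell is an added example, not from the original post, that reads them on a pooled machine and tests the secure channel; the function name and the -SnapshotAgeDays parameter are hypothetical.

```powershell
# Added example, not from the original post. Run elevated on a pooled VM or its master image.
# -SnapshotAgeDays is a hypothetical parameter: days since the checkpoint the VM reverts to was taken.
function Get-MachinePasswordRollbackRisk {
    param(
        [Parameter(Mandatory)]
        [int]$SnapshotAgeDays
    )

    # Registry values written by the two "Domain member" security options.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction Stop

    # Absent values mean Windows defaults: changes enabled, 30-day maximum age.
    $disabled = if ($null -ne $params.DisablePasswordChange) { [int]$params.DisablePasswordChange } else { 0 }
    $maxAge   = if ($null -ne $params.MaximumPasswordAge)   { [int]$params.MaximumPasswordAge }   else { 30 }

    # Returns $true while the local machine password still matches the
    # computer account in the domain, $false once the trust is broken.
    $trustOk = Test-ComputerSecureChannel

    # The workstation itself starts the password change once its stored password
    # is older than MaximumPasswordAge, so a revert after that point restores a
    # password the domain no longer expects. Snapshot age is a lower bound on
    # password age: the password may already have been days old at checkpoint time.
    $atRisk = ($disabled -eq 0) -and ($SnapshotAgeDays -ge $maxAge)

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        DisablePasswordChange     = $disabled
        MaximumPasswordAge        = $maxAge
        SnapshotAgeDays           = $SnapshotAgeDays
        SecureChannelHealthy      = $trustOk
        RollbackLikelyBreaksTrust = $atRisk
    }
}

# Constructed sample call: a checkpoint taken 45 days ago.
Get-MachinePasswordRollbackRisk -SnapshotAgeDays 45
```

With the policy applied, DisablePasswordChange reads 1 and RollbackLikelyBreaksTrust stays False regardless of checkpoint age.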

Reference: http://support.faronics.com/Knowledgebase/Article/View/365/8/computers-running-deep-freeze-loose-connection-to-or-fall-off-the-domain-with-an-error-that-the-trust-relationship-between-the-domain-controller-and-the-workstation-has-failed