Windows CA Server: Trust relationship to the Domain Failed

When a client or a server that is joined to a Windows domain loses the trust relationship with its computer object in Active Directory, you normally get this error message when you try to log in:

The trust relationship between this workstation and the primary domain failed

What you then normally do is to un-join the computer from the domain and join it again.

The problem with a Windows CA (Certificate Authority) server is that you cannot un-join it from the domain. That would mean you have to completely rebuild the CA server. But there is a trick to avoid that work:

Log in to the Windows CA server with a local admin account, then start cmd as Administrator and issue the following command:

netdom resetpwd /server:srvdc1 /userd:domadmin /passwordd:domadminpassword

Where "srvdc1" is just the name of one of your Domain Controllers, and "domadmin" and "domadminpassword" stand for a domain admin account and its password.

Then, restart the server. That's it, you should be able to log in with your domain user again.
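
The same procedure as a PowerShell script, added here as an example and not part of the original post: it checks the secure channel first, then runs the netdom reset with `/passwordd:*` so that netdom prompts for the password instead of taking it on the command line. The parameter names, the `Test-Trust` helper and the default values are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: run from an elevated PowerShell session while logged in as a local admin.
param(
    [string]$DomainController = 'srvdc1',   # placeholder: one of your Domain Controllers
    [string]$DomainAdmin      = 'domadmin'  # placeholder: domain account allowed to reset the password
)

# Hypothetical helper: returns $true only if the machine's secure channel to the domain is intact.
function Test-Trust {
    try   { return [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { return $false }
}

if (Test-Trust) {
    Write-Host 'Secure channel to the domain is healthy; nothing to reset.'
    return
}

Write-Warning 'Secure channel is broken; resetting the machine account password.'

# /passwordd:* makes netdom prompt for the password, so it does not end up
# in the command line, shell history or process-creation logs.
& netdom.exe resetpwd "/server:$DomainController" "/userd:$DomainAdmin" '/passwordd:*'

if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed with exit code $LASTEXITCODE"
}

Write-Host 'Reset succeeded. Restart the server, then run this script again to confirm the trust.'
```

After the restart, a second run should report a healthy secure channel and exit without changing anything.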
