Windows CA Server: Trust relationship to the Domain Failed

When a client of a server that is joined to a Windows Domain loses the trust relationship to its object in Active Directory, you normally get this error message, when you try to login:

The trust relationship between this workstation and the primary domain failed

What you then normally do is to un-join the computer from the domain and join it again.

The problem with with a Windows CA (Certificate Authority) Server is that you cannot un-join it from the domain. So that would mean you have to completely rebuild the CA server. But there is a trick to avoid that work:

Login to the Windows CA Server with a local admin account, then start cmd as Administrator and issue the following command:

netdom resetpwd /server:srvdc1 /userd:domadmin /passwordd:domadminpassword

Where "srvdc1" is just the name of one of your Domain Controllers.

Then, restart the server. That's, you should be able to login with your domain user again.

Leave a Reply

Your email address will not be published. Required fields are marked *