The virtual machine lab environment that was recently delivered in the project suddenly appeared "the trust relationship between this workstation and the primary domain failed" issue, Virtual machines that cause many tests cannot log into the domain environment.
How is this problem caused? Frankly you can go to Bing Google a similar question that will probably tell you the error is usually caused by the access to the host can no longer ensure secure communication with the Active Directory domain that is currently joined. The private security credentials of the current host and the values in the domain controller do not match. Of course, it's easy to interpret security credentials as passwords, but you know that the domain environment passes very strict Kerberos authentication, so the actual Kerberos keytable encryption is stored in the local security authorization subsystem, so if you are logged on as a domain account on the host, If you verify that private credentials are stored locally and do not match the Kerberos ticket received from ActiveDirectory, the system considers it unsafe and the trust relationship fails to build.
Of course, this error is mostly due to the system time is not synchronized with the system time on the domain controller; Considering the virtual machine environment, refreshing a snapshot of a virtual machine to a point in time is likely to be months or even years ago; when this machine is reset, it is likely that there will be no automatic password changes performed by the domain controller during this period. Be aware that this host password must maintain the integrity of the security domain in the context of the environment.
See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/virtualization/
So how does this problem come about? The simplest method, also in our activities, I started to recommend to students, to restore and establish trust, by logging on to the virtual machine locally and then setting up a domain-free domain environment, this method will delete and re-establish the host password and then join the domain. The specific approach is to refer to http://support.microsoft.com/kb/162797 KB.
However, considering the practical application, many students reflect that this method needs to be restarted two times the virtual machine, time is too slow, and if the virtual machine installed enterprise root Certificate Services may not be simple through the fallback domain and rejoin the domain method implementation; So in our Windows Server 2012 uses the PowerShell V3 version of mining in a simple way, in the V3 version provides a way to reset the computer account, open the PowerShell console, You can re-establish the domain trust relationship by running the Reset-computermachinepassword cmdlet to reset the computer account without restarting the virtual machine.
So the simple way we use it is to log in as an administrator, then reset the computer account, and exit to log in as a domain account, and then solve the problem