Check and renew computer trust

The trust relationship between a Windows PC and an Active Directory domain is a prerequisite for operating the PC in a Microsoft domain. Under certain conditions this trust relationship can be lost, and the user then receives the following error message:

The trust between this workstation and the primary domain could not be established.

As a result, the PC is no longer trusted and Windows logon is no longer possible. Trust relationships can also be lost when restoring PCs, for example. Below we show how to check your PC for an existing trust relationship and how to renew the trust relationship if there are problems.

Test if trust works correctly

Microsoft provides a tool named "NLTEST" with which you can test the domain trust relationship. The command for this is:

nltest /sc_query:DOMAINNAME

In this case you can see that the trust does not work properly and an error code is issued. The exact message is:

Registration: 0
Trusted Domain_Controller_Name
Trusted connection status for domain controller status = 5 0x5 ERROR_ACCESS_DENIED
The command completed.

The error "0x5 ERROR_ACCESS_DENIED" thus indicates that this Windows computer has lost the trust relationship with the domain. The same test, run where the trust relationship is intact, looks like this.

Here the same NLTEST gives the following result:

Indicator: 30
Trusted domain controller name NAME OF THE DOMAIN CONTROLLER
Trusted connection status for domain controller Status = 5 0x0 NERR_Success
The command was executed.

Renew trust

If, as in the first example, "NLTEST" reports an error, you can try to renew the existing trust relationship. As a result, the AD data of the computer object are reassigned and the trust relationship is correctly reinitialized. The command for this is:

netdom resetpwd /s:NAME_OF_THE_DOMAIN_CONTROLLER /ud:DOMAIN\administrator /pd:*

After you issue the NETDOM command, the password of the domain's administrator account is requested so that it can be checked whether the user has the appropriate rights to renew the trust relationship. The following response then appears:

The computer account password for the local computer has been reset. 

Then you can use the described “NLTEST” command to check again whether the trust relationship really works correctly again.
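The check, reset and re-check sequence described above can be scripted. The following PowerShell is an added example, not part of the original article. The function names are hypothetical, and it assumes nltest.exe and netdom.exe are available on the PC. It reads the numeric status code rather than the surrounding text, because that text changes with the Windows display language.

```powershell
# Added example: parse the status line of "nltest /sc_query" output.
function ConvertFrom-NltestScQuery {
    param([Parameter(Mandatory)][string[]]$Lines)
    # Decimal code, hex code and symbolic name are the same in every display language.
    $m = [regex]::Match(($Lines -join "`n"),
        '(?i)status\s*=\s*(\d+)\s+(0x[0-9A-Fa-f]+)\s+(\S+)')
    if (-not $m.Success) { throw 'No status line found in nltest output.' }
    [pscustomobject]@{
        Code    = [int]$m.Groups[1].Value
        Hex     = $m.Groups[2].Value
        Name    = $m.Groups[3].Value
        # 0x0 (NERR_Success) means the secure channel to the domain works.
        Healthy = ([Convert]::ToInt32($m.Groups[2].Value, 16) -eq 0)
    }
}

function Test-DomainTrust {
    param([Parameter(Mandatory)][string]$Domain)
    # Runs the same query as in the article against the local PC.
    $out = & nltest.exe "/sc_query:$Domain" 2>&1 | ForEach-Object { "$_" }
    ConvertFrom-NltestScQuery -Lines $out
}

function Repair-DomainTrust {
    param([Parameter(Mandatory)][string]$Domain,
          [Parameter(Mandatory)][string]$DomainController,
          [Parameter(Mandatory)][string]$AdminUser)   # e.g. DOMAIN\administrator
    $before = Test-DomainTrust -Domain $Domain
    if ($before.Healthy) { return $before }           # nothing to repair
    # /pd:* makes netdom prompt for the password, so it is never stored in the script.
    & netdom.exe resetpwd "/s:$DomainController" "/ud:$AdminUser" '/pd:*'
    if ($LASTEXITCODE -ne 0) { throw "netdom resetpwd failed with exit code $LASTEXITCODE" }
    Test-DomainTrust -Domain $Domain                  # verify again after the reset
}

# Constructed sample modelled on the failing output shown above (runs offline).
$sample = @(
    'Trusted connection status for domain controller status = 5 0x5 ERROR_ACCESS_DENIED',
    'The command completed.'
)
ConvertFrom-NltestScQuery -Lines $sample | Format-List
```

On a domain-joined PC, Repair-DomainTrust -Domain DOMAINNAME -DomainController NAME_OF_THE_DOMAIN_CONTROLLER -AdminUser DOMAIN\administrator runs the whole sequence and returns the status after the reset.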
