Solved: The trust relationship between this workstation and the primary domain failed.

If you get this error, the normal procedure is to move the server from the domain to a workgroup -> restart the server -> join it back from the workgroup to the domain -> restart the server.

But what if you need to fix the issue without restarting the server?

Log in to the problematic server with local administrator credentials -> launch PowerShell with “Run as administrator”.

$cred = Get-Credential

Here give your domain login credentials (make sure the account has privileges to execute the command below).

Reset-ComputerMachinePassword -Credential $cred -Server DomainControllername

This resets the computer's machine account password against the named domain controller and fixes the issue.
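The reset above can be wrapped in a check so the machine password is only changed when the secure channel is actually broken, and the result is verified afterwards. This is an added example for Windows PowerShell 5.1, not code from the original post; the function name `Repair-DomainTrust` and the domain controller name `DC01.corp.example` are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: test the secure channel, reset the machine password only if
# the test fails, then test again. 'DC01.corp.example' is a placeholder name.

function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $DomainController,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Test-ComputerSecureChannel returns $true when the channel to the domain is intact.
    if (Test-ComputerSecureChannel -Server $DomainController) {
        Write-Host "Secure channel to $DomainController is healthy; no reset needed."
        return $true
    }

    Write-Warning "Secure channel is broken; resetting the machine account password."
    try {
        Reset-ComputerMachinePassword -Server $DomainController `
            -Credential $Credential -ErrorAction Stop
    }
    catch {
        Write-Warning "Reset failed: $($_.Exception.Message)"
        return $false
    }

    # Verify the result instead of assuming the reset worked.
    $ok = Test-ComputerSecureChannel -Server $DomainController
    if ($ok) {
        Write-Host "Secure channel restored without a restart."
    }
    else {
        Write-Warning "Secure channel still broken; fall back to rejoining the domain."
    }
    return $ok
}

Repair-DomainTrust -DomainController 'DC01.corp.example' -Credential (Get-Credential)
```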


If the issue still persists, then follow the below steps:

  1. Join the server to a workgroup and restart it
  2. Wait for a few minutes
  3. Delete the server's computer object in Active Directory Users and Computers (dsa.msc)
  4. Join the server back to the domain

Now the issue should be resolved.


Important services in Windows Domain controller

Active Directory Domain Services

AD DS domain controller service. If this service is stopped, users will be unable to log on to the network.

Provides the domain controller service. Stopping this service stops the server from acting as a domain controller.

Active Directory Web Services

Provides a web service interface to the AD DS and AD LDS (Lightweight Directory Service) instances that are running locally on this server.

Required for the AD PowerShell module and the AD Administrative Center to work.

DHCP client

This service is responsible for registering IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive DHCP IP address and DNS updates.

File Replication Service (FRS)

Synchronizes folders with file servers that use FRS instead of newer DFS replication technology.

Distributed File System Replication (DFSR)

DFSR is used to replicate contents of SYSVOL between domain controllers. SYSVOL contains Group Policy, logon and logoff scripts (if any). Stopping this service will have effect on Group Policies, logon and logoff scripts etc.

DFSR replaces FRS starting with Windows Server 2008.

In Windows Server 2008 R2, File Replication Service (FRS) cannot be used for replicating Distributed File System (DFS) folders or custom (non-SYSVOL) data. A Windows Server 2008 R2 domain controller can still use FRS to replicate the contents of the SYSVOL share in a domain that uses FRS for replicating the SYSVOL share between domain controllers. However, Windows Server 2008 R2 servers cannot use FRS to replicate the contents of any replica set apart from the SYSVOL share.

DNS Client

This service caches DNS names and registers the full computer name for this computer.

DNS Server

Provides name resolution service to clients by answering DNS queries and dynamic DNS update requests. If this service is stopped, DNS updates will not occur.

Kerberos Key Distribution Center (KDC)

On a DC, this service enables users to log on to the network using the Kerberos authentication protocol.

Netlogon

Maintains a secure channel between this computer and the domain controller for authenticating users and services. This secure channel is used for authentication (Kerberos and NTLM) and DC replication.

If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records.

  • This service is responsible for creating Secure Channel between Domain Controllers and client computers. Secure Channel is created to pass the authentication packets.
  • Service performs the registration of SRV records, CNAME and other DC records in the DNS Server to advertise the availability of Domain Controllers in the domain.
  • SRV Records registered by NetLogon Service are stored in C:\Windows\System32\Config\NetLogon.DNS File.
  • Performs registration of SRV Records every 24 hours depending on the version of Operating System in use.
  • Registers the SRV Records for a site where there is no Domain Controller. This is called Site Coverage.

Remote Desktop Services

Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop session Host Server depend on this service.

Windows Time

Maintains date and time synchronization on all clients and servers on the network.

Acts as a Network Time Protocol (NTP) client and NTP time server. The w32tm.exe command-line tool is used for troubleshooting issues such as a computer being unable to sync time with an authoritative source.
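A quick health check over the services described above, as an added example that is not part of the original post. The short service names are the standard Windows names for these services; the function name `Get-DcServiceHealth` is hypothetical.

```powershell
# Added example: map the services described above to their short service names
# and flag any that are set to start automatically but are not running.
$dcServices = [ordered]@{
    NTDS        = 'Active Directory Domain Services'
    ADWS        = 'Active Directory Web Services'
    Dhcp        = 'DHCP Client'
    NtFrs       = 'File Replication Service'
    DFSR        = 'DFS Replication'
    Dnscache    = 'DNS Client'
    DNS         = 'DNS Server'
    Kdc         = 'Kerberos Key Distribution Center'
    Netlogon    = 'Netlogon'
    TermService = 'Remote Desktop Services'
    W32Time     = 'Windows Time'
}

function Get-DcServiceHealth {
    foreach ($name in $dcServices.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $name
            Role      = $dcServices[$name]
            Status    = if ($svc) { $svc.Status } else { 'NotInstalled' }
            StartType = if ($svc) { $svc.StartType } else { $null }
            # NtFrs is expected to be absent or disabled where SYSVOL uses DFSR,
            # so only an Automatic service that is not running counts as a problem.
            Problem   = [bool]($svc -and $svc.StartType -eq 'Automatic' -and
                               $svc.Status -ne 'Running')
        }
    }
}

Get-DcServiceHealth | Sort-Object Problem -Descending | Format-Table -AutoSize
```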


Info from Various sources including

How to manually replicate Windows Active Directory

Microsoft Windows Active Directory performs automatic replication between the domain controllers. To trigger replication manually, open Active Directory Sites and Services.

AD Sites and Services -> Sites -> Expand site -> Servers -> Expand Domain controller -> NTDS Settings

In the right pane, right-click the server, then select “Replicate Now” to do manual replication.
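The same manual replication can be triggered and verified from an elevated prompt with repadmin. This is an added example, not part of the original post; `DC01.corp.example` is a placeholder domain controller name, and the CSV column names are the ones repadmin prints in its header row.

```powershell
# Added example: trigger replication from the command line, then list any
# replication links that report failures. Run on a DC or a host with RSAT.
$dc = 'DC01.corp.example'   # placeholder name (assumption)

# /A = all naming contexts, /d = show servers by distinguished name,
# /e = include DCs in all sites, /P = push changes outward from $dc.
repadmin /syncall $dc /AdeP

# /showrepl * /csv emits one row per inbound replication link on every DC.
$links  = repadmin /showrepl * /csv | ConvertFrom-Csv
$failed = $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }

if ($failed) {
    Write-Warning "$(@($failed).Count) replication link(s) are failing:"
    $failed |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Success Time' |
        Format-Table -AutoSize
}
else {
    Write-Host "All $(@($links).Count) replication links report zero failures."
}

# Per-DC summary of the largest replication delta and failure counts.
repadmin /replsummary
```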




Getting access denied error while trying to logoff a disconnected session in RDP

Sometimes you can’t log off a (disconnected) session on a Windows server. If you try to log off, you may get an access denied error. This post goes through how to run Task Manager as Administrator in GUI mode. Unlike other apps, running Task Manager with admin privileges is not straightforward.


To log off the session, you need to run Task Manager with Administrator privileges. By default, Task Manager does not start with Administrator privileges. To do this, first open Task Manager (Task bar -> Right click and open Task Manager), then right-click the Task Manager icon in the Task bar and select “Pin this program to Taskbar”. Now close Task Manager.


Once done, right-click the Task Manager icon again -> Right-click “Windows Task Manager” -> Select Run as Administrator.


Now you can run Task manager with Admin privileges.