The trust relationship between this workstation and the primary domain failed

Scenario

You’ve just reverted to a previous snapshot using VMware vSphere 5.1, and the next time you try to login, you get the following error:

The trust relationship between this workstation and the primary domain failed

Solution

Unjoin then rejoin the computer to the domain.

You can also change some settings in GPO for computer passwords.

Configuring the Password Expiry

Contrary to user account password policy, the machine account password is managed by two options:

  • The change interval specified the time between forced changes of the machine account password.
  • The expiry defines whether machine account password expires at all.

Both options are configured through group policies under the following node:

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

  • Domain member: Disable machine account password changes
  • Domain member: Maximum machine account password age

Both options are not configured by default.

Best Practices in Virtual Environments

In virtualised environments, machine account password changes should be disabled. By preventing machines from changing this password automatically, domain synchronization issues are effectively remedied.

By default, a machine account password is changed every 30 days. When a virtual machine has been in use for more than 30 days and is then reset to an earlier state, the snapshot contains an outdated password causing the machine to loose its connection to the domain.

Source