Trust relationship failed with domain



I posted this problem on WindowsXP Help and Support earlier this week but
haven't found a solution. I thought this might be a good place to seek some

The setup:
Small home network

NT Server 4.0 SP6
Workstation Linux (not so much on the domain)
Workstation XP Pro SP2 (is but wasn't and is again)
Husband's Laptop XP Home, won't play on the domain
My laptop, XP Pro (is but isn't)

For some reason, after years of my little domain working fine, 2
of my computers (Workstation XP Pro and Laptop XP Pro, both wireless)
failed trusting my domain (NT 4.0 sp6) which they had been on for years.
I had recently installed McAfee VirusScan Plus 2007 on the workstation
(which also housed my web server which stopped serving
right about then).

A few days ago, I tried to set up a share on the webserver. I was asked
for domain admin credentials, which I gave. I was told the password was
wrong. It wasn't. I tried several, all domain admins, all of which can log
other computers.

The next day, I tried to get to an existing share on that server and was told
I didn't have permissions. I checked the share and noted that all my domain
accounts were not in it anymore. My share permissions had actually been
changed. (I always had Domain Admins having full permission to my shares.)

Today, I went to compare that to what was going on on my XP laptop, which
has had McAfee for a year now. And voila, the same problem. Domain
permissions were gone from the shares and I couldn't add them.

So I go to my NT server box and check Server Manager. I'm told for both of
those computers that "The trust relationship between this workstation and
the primary domain has failed."

I uninstalled McAfee on the Workstation.
After much finagling (removing it from the domain, adding it to
a workgroup, and adding it back to the domain, rebooting between
each), I finally got the webserver back on. I had actually tried changing
its name, to which it replied that it was its original name and put it
back on the domain. It's now on and doing fine. Whew!

I tried the same with the laptop. To no avail. I've removed it from
Server Manager. (It never actually leaves the list.)
I've set it to workgroup. I've readded it to the domain, both via Network
Identification on the laptop and Server Manager on NT. Repeatedly.
I've changed its name. Same thing: trust relationship failed.

I've tried restoring from a restore point. The only one I had was
from 4:15 the same day. I tried it. It still won't trust
the domain to which it belongs. (I vow that if I get it working right again,
I will set restore points more often.)

I already tried uninstalling McAfee on the laptop. It didn't help.
The only active firewall is my router. Windows Firewall and
McAfee's are both disabled.

Tried using it on an ethernet cord instead of just wireless but still no luck.

I've been logging on locally, which allows me to get the internet, and, in
a roundabout way, my network shares. But I'd really like to get it back
on the domain and trusting it.

It's on the domain. So says the laptop. So says Server Manager.
It just doesn't trust the domain, or the domain doesn't trust it. How
do I get these guys to kiss and make up?

Any help? (I studied MCSE courses under NT 4 but 1) it's been a long time,
and 2) I only took half the tests before deciding I didn't want to be a
network admin. I am, however, an MCDST. I've been working in tech
support for 8 years. I'm at a loss at the moment.)


Robert L. (MS-MVP)

Can you ping the server by name? Or this search result may help.

logon domain issues "Trust Relationship has failed between the PDC and the
workstation" "The trust relationship between this workstation and the
primary domain failed" ...

Networking, Internet, Routing, VPN Troubleshooting on
How to Setup Windows, Network, VPN & Remote Access on


Thanks. No, I cannot ping the server by name. Only by IP.

All my TCP/IP settings are obtained automatically, if that makes a difference.

Laptop still not trusting the domain or vice versa


I tried using the Network ID Wizard to fix this and these are the details I
got when my NT domain couldn't be reached (all the Help documents think it's
supposed to be an AD domain):

The domain name UFP might be a NetBIOS domain name. If this is the case,
verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the
following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location
(SRV) resource record used to locate a domain controller for domain UFP:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.UFP

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child

.. (the root zone)

For information about correcting this problem, click Help

This is a very simple NT domain. I've had no problems adding computers for
years, and this particular laptop had been on here for a year before it
suddenly stopped being one.

NT Server

XP Workstation XP Laptop (Previous W2K

My husband has an XP Home laptop, not on the domain. I have a Linux box as
well that can connect to the domain.

I still need help with this.

My router provides the IP information, or at least it did. I set the IP
addresses manually on the router and it gives them to the computers.
