there are many reasons why this can happens, There might be multiple reasons for this kind of behaviour. Below are listed a few of them:
- Single SID has been assigned to multiple computers.
- If the Secure Channel is Broken between Domain controller and workstations
- If there are no SPN or DNSHost Name mentioned in the computer account attributes
- Outdated NIC Drivers.
The most obvious classic way to restore trust relationship is:
- Reset local Admin password
- Move computer from Domain to workgroup
- Reset Computer account in the domain using ADUC console
- Rejoin computer to the domain
- Reboot again
The easiest way to resolve this is to log on to the machine or server with local administrator user name and credential , for example \Administrator or computername\administrator
Then execute this command it won’t reset domain admin pass word ! only the machine password reset to allow secure channeling again to the domain controller allowing login :
Netdom resetpwd /Server:DomainController /UserD:Administrator /PasswordD:Password
server= Domain controller, UserD=Domain admin, password=password for the domain admin
After that just logoff and login as domain user .
You can also try with powershell :
Reset-ComputerMachinePassword -Server DomainController -Credential Domain\Admin
And again logoff the local account and login with domain user .
You can test the connection with this command :
Test-ComputerSecureChannel -Repair -Credential domain\user
The last option is to take the machine out of the domain to workgroup and then again rejoin the machine to the domain, this will work as well how ever with servers it can cause some problems as this operation will create new SID , this effect depands on the environment .