"Trust relationship between this workstation and the primary domain failed" error on a computer that's running Windows 7 or Windows Server 2008 R2

Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1

Symptoms


You may be intermittently unable to log on to your domain in Windows 7 or Windows Server 2008 R2. In this situation, you receive the following error message:

The trust relationship between this workstation and the primary domain failed.

Additionally, when you check the machine account in Active Directory Domain Services (AD DS), it shows that the machine password was changed recently.

Note To work around this problem, restart the client computer.

Cause


This problem is caused by the same problem which is fixed in hotfix 2545850 .

Resolution


To resolve this problem, install hotfix 2545850 .

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


If you take a network trace during the failure, you find the following:
  • A TGT request that resembles the following is sent from the client computer to the domain controller:
    KerberosV5:AS Request Cname: machineAccount$ Realm: Contoso.com Sname: krbtgt/contoso.com
  • A response request that resembles the following is sent from the domain controller to the client computer:

    KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_FAILED (24)