Repairing the Secure Channel

Posted On 2017-07-26 by dwirch
Tags: Tip Tutorial Windows Windows 7
Views: 69

This seems to be a recurring problem in some environments. In my experience, it usually happens when a machine has been offline for more than 30 days.

The error in question reads like this:

The Security Database on the server does not have a computer account for this workstation trust relationship

So what happens is, a user or users will request some workstations for a remote site. My team does a great job of imaging the new machines, and shipping them off. The users receive them, and promptly put them in a closet for four months.

When a workstation has been offline, and has not checked in with the domain for more than 30 days, the secure channel between it and the domain gets severed. Basically, the Kerberos secrets no longer match, and need to be reset.

The easiest way is to rejoin the machine to the domain, usually by using the netbios name of the domain, rather than the fully qualified domain. Instead of, you'd use mydomain.

Assuming you have access to the machine, you check the secure channel between it and the domain a couple different ways.

First, with PowerShell, it's simply a cmdlet:


The output of this will be a simple True or False. If you are averse to PowerShell, you can also use the NLTest command:

C:\>nltest /sc_verify:MyDomain
Trusted DC Name \\
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully

NLTest is a bit more verbose, showing you not only the trust verification status, among other things.

If either of these methods shows you a bad trust relationship, you can reset the secure channel with PowerShell or NetDom:


if(!(Test-ComputerSecureChannel)) {Test-ComputerSecureChannel -Repair}


netdom reset /d:<domain>

Hope this helps someone.

Any questions on this, leave them in the comments below, or you can make a post in the forums.

NetDom is pretty powerful, by the way. More information on NetDom can be found here.

About the Author

dwirch has posted a total of 188 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links