⚠️ Symptom: User logs in and receives "The trust relationship between this workstation and the primary domain failed." The machine cannot authenticate against the domain controller.
01
Identify the BSOD Error Code (if applicable)
Note the stop code displayed on the blue screen (e.g. SYSTEM_SERVICE_EXCEPTION). Search the Microsoft support site for that specific code to identify the root cause before proceeding.
02
Update Drivers
Open Device Manager. Check for any devices with yellow exclamation marks — these indicate driver conflicts. Right-click → Update driver → Search automatically for drivers.
03
Run System File Checker
Open Command Prompt as Administrator and run the command below. It scans for and repairs corrupted or missing Windows system files.
sfc /scannow
04
Run DISM to Repair Windows Image
If SFC reports it cannot fix files, run DISM first, then SFC again.
DISM /Online /Cleanup-Image /RestoreHealth
sfc /scannow
05
Check RAM with Windows Memory Diagnostic
Press Win + R → type mdsched.exe → choose 'Restart now and check for problems'. Review results on reboot. Faulty RAM causes random BSODs and trust failures.
# Alternative: run via Command Prompt
mdsched.exe
06
Repair the Secure Channel (Trust Relationship)
Run this PowerShell command on the affected machine. It attempts to repair the secure channel between the workstation and the domain without a full rejoin.
# Run in elevated PowerShell
Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
07
Remove and Rejoin the Domain (Last Resort)
If the secure channel repair fails: Settings → System → About → Rename this PC (advanced) → Change → select Workgroup → reboot. Then re-join the domain and reboot again.
💡 Prevention: Set up Proactive Remediations in Intune to periodically run Test-ComputerSecureChannel as a detection script, alerting you before trust failures affect end users.
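A detection script along the lines of the Prevention tip, as an added example that is not part of the original page. It assumes the Intune convention that a detection script exiting with code 1 reports an issue and 0 reports none, and that the script runs in Windows PowerShell 5.1 in the SYSTEM context; skipping the check when no domain controller is reachable is a design choice made here so that off-network laptops are not reported as trust failures.

```powershell
# Added example: Intune Proactive Remediations detection script.
# Assumed convention: exit 0 = no issue, exit 1 = issue detected.

# 1. Only domain-joined machines have a secure channel to check.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "Not domain-joined; secure channel check not applicable."
    exit 0
}
$domain = $cs.Domain

# 2. Confirm a domain controller can be located before testing the channel.
#    /force bypasses the cached DC so a stale entry does not mask an outage.
$null = & nltest.exe "/dsgetdc:$domain" /force
if ($LASTEXITCODE -ne 0) {
    Write-Output "No domain controller reachable for $domain; check skipped."
    exit 0
}

# 3. Verify the secure channel. This is detection only: no -Repair and no
#    credentials appear anywhere in the script.
try {
    $healthy = Test-ComputerSecureChannel -ErrorAction Stop
}
catch {
    Write-Output "Secure channel test failed for ${domain}: $($_.Exception.Message)"
    exit 1
}

if ($healthy) {
    Write-Output "Secure channel to $domain is healthy."
    exit 0
}

Write-Output "Secure channel to $domain is broken; repair required."
exit 1
```

Keep any paired remediation script free of embedded domain credentials. Treat a detection hit as an alert and run the repair from step 06 interactively with an authorised account.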