I'm in the process of migrating about 35 users from desktop PCs to laptops, and I've run into some frustrating trust issues with our domain controller. Most users are already joined to the domain since we're completing an Active Directory setup that was initiated from scratch. Currently, our laptops point to an in-house DNS server set up with a forwarding zone to our domain. When users are remote, they connect through an Azure P2S VPN to access the Azure virtual network, which has a site-to-site connection back to the office.
The main problem is that these laptops are frequently losing their trust connections with the domain controller, leading to a series of irritating symptoms like network drive mapping failures and errors indicating that a name is already in use. I've also tried using `Test-ComputerSecureChannel -Repair` to fix the trust relationship, but I often get "server not operational" errors. This issue occurs both in and out of the office. I've been dealing with this for a few weeks and would really appreciate any insights or solutions you might have!
4 Answers
We've experienced a lot of trust issues with Server 2025 and Windows 11 version 23H2. Upgrading our Windows 11 devices to 24H2 solved the problem for us. Also, using the command `reset-computersecurechannel -Server YOURDC -Credential yourdomain\adminacct` helped. @Winston
It might be related to time sync issues or DNS problems. I also suggest migrating to Entra Joined devices; that could simplify things for your environment.
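A read-only way to check the DNS and time-sync causes suggested above, as an added example that is not from any of the posters. It assumes an elevated PowerShell session on an affected domain-joined laptop; the 300-second threshold is the Kerberos default clock-skew tolerance, and the property names in the report are illustrative.

```powershell
# Added example: nothing here changes the machine; it only queries DNS, ports, time and the channel.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain   # AD DNS domain the laptop is joined to

# 1. DC locator: do the DNS servers this laptop is using return the domain's DC SRV records?
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget } | Select-Object -ExpandProperty NameTarget -Unique
if (-not $dcs) {
    Write-Warning "No DC SRV records for $domain from the DNS servers currently in use:"
    Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses |
        Select-Object InterfaceAlias, ServerAddresses
    return
}

$report = foreach ($dc in $dcs) {
    # 2. Reachability of Kerberos (88), LDAP (389) and SMB (445) on each DC, in office or over the VPN
    $blocked = foreach ($port in 88, 389, 445) {
        $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        if (-not $t.TcpTestSucceeded) { $port }
    }

    # 3. Clock offset against the DC; w32tm prints lines such as "12:00:01, +00.0123456s"
    $skew = $null
    $line = w32tm /stripchart /computer:$dc /samples:1 /dataonly 2>$null |
        Select-String '([+-]\d+\.\d+)s' | Select-Object -Last 1
    if ($line) { $skew = [double]$line.Matches[0].Groups[1].Value }

    # 4. Secure channel test against this specific DC (no -Repair, so no password reset)
    $channel = try { Test-ComputerSecureChannel -Server $dc -ErrorAction Stop }
               catch { "error: $($_.Exception.Message)" }

    [pscustomobject]@{
        DC            = $dc
        BlockedPorts  = if ($blocked) { $blocked -join ',' } else { 'none' }
        SkewSeconds   = $skew
        SkewTooLarge  = if ($null -ne $skew) { [math]::Abs($skew) -gt 300 } else { 'unknown' }
        SecureChannel = $channel
    }
}
$report | Format-Table -AutoSize
```

Running it once in the office and once over the P2S VPN and comparing the two tables shows whether the failures follow the network path (missing SRV records, blocked ports) or the machine itself (skew, channel test failing everywhere).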
Sometimes trust relationships break due to backups being restored from before a machine password rotation. Are your users restoring backups on their laptops? If that's the case, it might be worth looking into.
The best move in a situation like this is to go for a cloud-native solution like Entra Join or Autopilot. If you still need some on-premises support, you can enable it through AD Connect.
Yeah, trust issues can pop up randomly. I've seen it happen when users return from being away from the network for an extended period. It could just resolve itself without any changes. I found a scriptable solution that helped in the long run.