Restoring Trust Relationship
March 18, 2021
Last week I was troubleshooting a server I recently upgraded and happened to notice a NETLOGON Event 3210 error in Server Manager.
Another symptom of this problem is getting the error "The trust relationship between this server and the domain has failed."
In the past, I'd resolve this by adding the server to a workgroup, rebooting, re-adding it back to the domain, and rebooting again.
This time, I used PowerShell's Test-ComputerSecureChannel cmdlet, which "verifies that the channel between the local computer and its domain is working correctly by checking the status of its trust relationships. If a connection fails, you can use the Repair parameter to try to restore it. [It] returns True if the channel is working correctly and False if it is not."
The process is quite simple. First, test whether the trust relationship is intact. If you see the following, proceed.
PS> Test-ComputerSecureChannel
False
But, I can't just run
PS> Test-ComputerSecureChannel -Repair
because I'm a normal user and you should be too.
Instead, I first need to collect my domain admin credentials so I can pass them to the command.
PS> Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
(be sure to include your domain when doing so)


This is much easier than the old way and prevents any downtime.
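The test-then-repair steps above combined into one function, as an added example that is not from the original post. It assumes Windows PowerShell 5.1 on a domain-joined machine; the function name Repair-DomainTrust and its -LookBackDays parameter are hypothetical.

```powershell
# Added example, not from the original post.
# Assumes Windows PowerShell 5.1 on a domain-joined machine.
function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: how far back to look for NETLOGON 3210 events.
        [int]$LookBackDays = 7
    )

    # Collect supporting evidence: NETLOGON Event 3210 entries in the System log.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 3210
        StartTime    = (Get-Date).AddDays(-$LookBackDays)
    }
    # Get-WinEvent raises an error when nothing matches, so silence that case.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    Write-Host "NETLOGON 3210 events in the last $LookBackDays day(s): $($events.Count)"
    if ($events.Count -gt 0) {
        Write-Host "Most recent: $($events[0].TimeCreated)"
    }

    # Step 1: test the secure channel. True means there is nothing to repair.
    if (Test-ComputerSecureChannel) {
        Write-Host 'Secure channel is healthy; no repair attempted.'
        return $true
    }

    # Step 2: prompt for the domain admin account (entered as DOMAIN\user).
    # Prompting keeps the password out of the script and the command history.
    $cred = Get-Credential -Message 'Domain admin account, entered as DOMAIN\user'

    # Step 3: attempt the repair with those credentials.
    $repaired = Test-ComputerSecureChannel -Repair -Credential $cred
    Write-Host "Repair attempt returned: $repaired"

    # Step 4: re-test without -Repair so the result reflects the channel itself.
    $healthy = Test-ComputerSecureChannel
    if (-not $healthy) {
        Write-Warning 'Secure channel is still broken after the repair attempt.'
    }
    return $healthy
}

Repair-DomainTrust
```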
Extras:
- While researching this, I found this blog by Aaron Rothstein. He has some interesting articles, like this and this.
- Also, SS64 because I use this website for quick references on many commands.