Monday, February 29, 2016

Prevent Virtual machines falling off the domain.

Virtualised domain machines may have snapshots, which become a problem after the machine is forced to change its domain password, usually after 30 days.  This is forced by group policy, which is nearly always very difficult to get modified.

Check the password age setting here:
Key = HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value = MaximumPasswordAge REG_DWORD

The controlling policy is:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Domain Member: Maximum Machine Account Password Age.

If a machine automatically changes its domain account password and is then reverted to an earlier snapshot, the message

The trust relationship between this workstation and the primary domain failed

appears, and it can be a mission to get this sorted out: logging on as local admin, switching to workstation, rebooting, switching to domain, entering an authorised domain user account and password for adding machines to the domain, etc.

Avoid the pain by remembering to force the password change before the 30 days are up and then saving a new snapshot.  This command forces a machine domain account password change:


nltest /sc_change_pwd:<yourdomain>
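
The check and the forced change above can be combined into one pre-snapshot script. This is an added example, not part of the original post: it reads MaximumPasswordAge from the key above, looks up the age of the machine account password in the directory, and runs the nltest command when the password is close to expiry. The $WarnDays threshold and the output messages are assumptions, and it must run elevated on the domain-joined VM.

```powershell
# Added example. Run in an elevated PowerShell session on the domain-joined VM
# before taking a snapshot. $WarnDays is an assumed threshold, not from the post.
param([int]$WarnDays = 7)

# MaximumPasswordAge is in days; when the value is absent the default of 30 applies.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$params = Get-ItemProperty -Path $key
$prop   = $params.PSObject.Properties['MaximumPasswordAge']
$maxAge = if ($prop) { [int]$prop.Value } else { 30 }

# Ask the directory when this machine account last changed its password.
# pwdLastSet is stored as a Windows file time (100 ns ticks since 1601, UTC).
$filter   = "(&(objectCategory=computer)(sAMAccountName=$($env:COMPUTERNAME)`$))"
$searcher = [adsisearcher]$filter
$searcher.PropertiesToLoad.Add('pwdLastSet') | Out-Null
$result = $searcher.FindOne()
if (-not $result) { throw "Computer object for $env:COMPUTERNAME not found in the directory." }

$lastSet = [datetime]::FromFileTimeUtc([int64]$result.Properties['pwdlastset'][0])
$ageDays = [int][math]::Floor(((Get-Date).ToUniversalTime() - $lastSet).TotalDays)
$domain  = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain

"{0}: machine password last set {1:u}, {2} days old, limit {3} days" -f `
    $env:COMPUTERNAME, $lastSet, $ageDays, $maxAge

if ($ageDays -ge ($maxAge - $WarnDays)) {
    # Same command as in the post, with the domain filled in from WMI.
    nltest "/sc_change_pwd:$domain"

    # Confirm the secure channel still works with the new password
    # before anything is saved into a snapshot.
    if (-not (Test-ComputerSecureChannel)) {
        throw "Secure channel check failed after the password change; do not snapshot."
    }
    "Password changed and secure channel verified; take a new snapshot now."
} else {
    "Password change not forced; $($maxAge - $ageDays) days remain before the automatic change."
}
```

Taking the snapshot itself is left to the hypervisor's own tooling.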