No clear answer to this behavior.
Did Microsoft change this behavior during COVID-19?
If the machine was unable to communicate with a domain controller for 60 days, then we have a secure channel issue.
As I understand it, if the current password and the cached password didn't match the AD computer password (so 60 days without AD contact and the PC was running outside the network), the message "The trust relationship between this workstation and the primary domain failed" was thrown if the computer contacted a domain controller after 60 days.
Now:
Update April 2020: While the above scenario may have been possible when the article was originally written, Windows 7 SP1 clients and later will never reset the local registry LSA secret if it fails to reset the AD object’s corresponding UnicodePWD attribute -- in other words: Local password change will never occur unless a DC is able to process the change.
It seems that the PC doesn't initiate a password change if a DC is not available to process it.
Can someone confirm this behavior?
Thanks