
Saturday, March 11, 2023

How to Fix "Trust Relationship Failed" Error without Rejoining the Domain

Description:


One of your users suddenly sees the error message "Trust Relationship Between This Workstation And The Primary Domain Failed" when trying to log on to their machine.
You have verified that the computer account exists in Active Directory, that DNS settings are correct, and that there is no port or networking problem.
You want to remediate the issue without having to disjoin the computer from the domain and rejoin it.

Resolution:

On the problematic machine, log on with a local administrator credential. Open PowerShell with "Run as Administrator".
Type the following:
Reset-ComputerMachinePassword -Server DomainController -Credential DomainAdmin

If the command completes successfully, log off and try to log on again.
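
As an added example (not part of the original post), the script below wraps the same reset in a Test-ComputerSecureChannel check before and after, so you can confirm that the secure channel was actually broken and that the reset repaired it. The domain controller name is a placeholder assumption; replace it with one of your own DCs.

```powershell
#Requires -RunAsAdministrator
# Added example: check the secure channel, reset the machine account password
# only if the check fails, then verify again.

# Placeholder value (assumption): replace with the FQDN of a reachable domain controller.
$dc = 'DC01.contoso.example'

function Test-Channel {
    # Returns $true when the locally stored machine account password
    # still matches the one held by the domain controller.
    try {
        [bool](Test-ComputerSecureChannel -Server $dc -ErrorAction Stop)
    } catch {
        Write-Warning "Secure channel test failed: $($_.Exception.Message)"
        $false
    }
}

if (Test-Channel) {
    Write-Output "Secure channel to $dc is healthy; no reset needed."
} else {
    # Prompt instead of hard-coding a password in the script or command history.
    $domainCred = Get-Credential -Message 'Domain account allowed to reset this computer account password'
    try {
        Reset-ComputerMachinePassword -Server $dc -Credential $domainCred -ErrorAction Stop
        if (Test-Channel) {
            Write-Output 'Machine password reset; secure channel verified. Log off and log on with a domain account.'
        } else {
            Write-Warning 'Reset completed but the secure channel still fails. Check the computer account, DNS, and time sync.'
        }
    } catch {
        Write-Error "Reset-ComputerMachinePassword failed: $($_.Exception.Message)"
    }
}
```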

Sunday, March 5, 2023

Migrate from Windows Hello to Windows Hello For Business (WHFB)

Description:

You previously deployed Windows Hello to several machines in the organization. Recently, management directed you to deploy Windows Hello For Business (WHFB) across the organization.
You have enabled Hybrid Cloud Kerberos trust and configured the required group policy. However, on the test machine, the WHFB provisioning prompt never appears. You have tried restarting and have confirmed that the WHFB group policy is applied correctly.

Resolution:

Since you previously deployed Windows Hello, you need to make sure the "old" policy is disabled.
Go to "Computer Configuration\Administrative Templates\System\Logon\Turn on convenience PIN sign-in" and make sure it is set to Disabled.

Multiple Prompts when Creating Azure AD Kerberos Server Object

Description:

You want to deploy Windows Hello For Business with the Hybrid Cloud Kerberos trust type in your environment.
You have met all the required prerequisites. However, when you try to create the Azure AD Kerberos Server object using the PowerShell commands below, you are prompted multiple times for the Azure AD credential.

# Specify the on-premises Active Directory domain. A new Azure AD
# Kerberos Server object will be created in this Active Directory domain.
$domain = $env:USERDNSDOMAIN
# Enter an Azure Active Directory global administrator username and password.
$cloudCred = Get-Credential -Message 'An Active Directory user who is a member of the Global Administrators group for Azure AD.'
# Enter a domain administrator username and password.
$domainCred = Get-Credential -Message 'An Active Directory user who is a member of the Domain Admins group.'
# Create the new Azure AD Kerberos Server object in Active Directory
# and then publish it to Azure Active Directory.
Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred

Resolution:

Make sure the Azure AD Global Administrator account that you use during configuration is not included in any Azure AD Conditional Access rules. You may also need to close the previous PowerShell session and try again.

Saturday, October 22, 2022

ADRMS and SharePoint IRM Integration Error - 0x80020009

Description:

You have configured ADRMS properly in your environment. Now you want SharePoint to use ADRMS. In SharePoint Central Admin, you specify the location of the RMS server.

However, when you try to open a document protected with RMS, a pop-up error says the document could not be found. In the event viewer on the SharePoint server, you see the following errors:

Information Rights Management (IRM): There was a problem while ensure IRM client. Status value: -1, error value: 0x80020009.

Information Rights Management (IRM): There was a problem while creating the generic issuance license template.

All issuance licenses for protected documents are constructed from a generic, base issuance license template.

Additional Data

Error value: 0x800704DC

Resolution:

Go to SharePoint Central Admin and make sure you have selected or typed in the correct RMS cluster server address. Use HTTPS instead of HTTP when typing the RMS cluster address.

Sample SQL Script to Update ADRMS Configuration Database during Parallels Upgrade

UPDATE [dbo].[DRMS_ClusterPolicies]
SET PolicyData = '' --(your new string with updated information goes between the ' ' )
WHERE PolicyName='CertificationUserKeyStorageConnectionString'
 
UPDATE [dbo].[DRMS_ClusterPolicies]
SET PolicyData = '' --(your new string with updated information goes between the ' ' )
WHERE PolicyName='DirectoryServicesCacheDatabase'
 
UPDATE [dbo].[DRMS_ClusterPolicies]
SET PolicyData = '' --(your new string with updated information goes between the ' ' )
WHERE PolicyName='LoggingDatabaseServer'
