Hi,
I'm hoping someone can help me out here?

I have a small home network, comprised of 6 PCs that are members of a Windows Domain. I have 2 Domain Controllers running Server 2016.

Since installing Feature Update 20H2 on one of my machines I've been seeing errors at logon "The Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship".

The machine in question was cloned from an older computer that suffered hardware failure but has been working perfectly well in my domain. Until now.

In the Event Viewer there are Security Audit failures that specify a NULL SID, which I'm attributing to the machine being cloned. I ran a query in PowerShell to test the secure channel. It is broken. I tried to fix this in PowerShell but any attempt to repair the channel returns a value of "False". Ordinarily I would just remove it from the domain and rejoin BUT this computer is my primary audio/video system. I have a TON of audio apps and projects on there so HAVING A NEW USER PROFILE IS NOT AN OPTION HERE.

If I disconnect the Ethernet cable I can log in with cached credentials and when I plug the cable back in everything works fine (until the next time I try to log in). I can run a PowerShell command to reset the machine password in AD BUT when I do this the machine restarts and creates a new profile for my user account (I had the foresight to image this machine right after I installed the feature update, so I can restore it to a state where my profile is intact).

What I've Tried

1. Repairing the secure channel using PowerShell - Failed
2. Removing the PC from the domain and rejoining the same domain - Succeeded but broke the user profile (new desktop, apps not registering etc.)
3. Resetting the machine password in AD - Succeeded but broke the important user profile.
4. Ran an NSLOOKUP on the problem machine, which correctly identifies the primary DC and also the secondary.
5. Reset the computer's account in the domain
6. Ran repadmin /syncall /AdeP on the DCs. Replication completed without errors
7. Ran an ipconfig /all on the PC, which correctly displays network settings (including DNS)
8. Tried turning off IPv6 and enabled "Enable NETBIOS over TCP/IP" - No difference

What I'm looking for is a non-destructive way to repair the secure channel (one that does not lead to resetting the user profile).

I realize this one is a bit off the wall but would be grateful for any suggestions anyone could offer that might steer me in the right direction. Even something that would allow me to create a clone of the user profile, so I don't lose access to my apps, that could be restored after a domain unjoin/rejoin.

Best regards