LibertyIMS


The security database on the server does not have a computer account for this workstation trust relationship

I have installed a new Windows Server 2008 Standard on my Windows 2003 network... everything has been running fine for the last few weeks since the install... However, today we had to reboot the server (not a domain controller, just a stand-alone box) and we are getting this error message when we try to log into the domain...
 
The security database on the server does not have a computer account for this workstation trust relationship


I can log into the computer as the local admin without any problems... And I even removed the server from the domain, rebooted and re-added it (which did not have any errors), and when I tried to log into the domain I got the same message: "The security database on the server does not have a computer account for this workstation trust relationship"

thanks,
jburgaard

Sounds like a deleted/corrupted computer account in AD.
I would create/reset the account for your 2008 server in the ADUC snap-in, then log on to the 2008 server and add it to the domain.
Any clues in logs? Time settings?

ASKER

Well, like I stated above, I have removed the server from the domain, rebooted and re-added it to the domain without any problems...

As for the logs - nothing
Time setting - all current

Yeah, remove it from the domain, and then go in and delete the computer account from AD, then rejoin the network.
Just did that and still get the same error message as soon as I try to log into the domain... local PC no problem.... domain, gives me the error message.

I did see in AD that the computer account had a red X through it... but physically deleted it before joining this 2008 server back to the domain.
Do the same, but for kicks, this time give it a different name.
Nope, changing the computer name to a new name still gives me the same error message.
Have any changes been made lately in your network? DNS, for instance?
The only thing that was changed was installing the Symantec Backup Exec 12.0 agent on the server (the reason why we needed to reboot).
Well, I uninstalled the Symantec Backup Exec client, rebooted and tried to log in... got the same error message.

I logged into the server locally using the local admin user I created and had a look at the user account for the account we are using to log into this server (the local account does work, remember)... did not see anything on the local account, so I went to the domain account and found that something had changed the level of access from ADMINISTRATOR to OTHER (set to Debug user), so I changed that back to Administrator and logged off.... Well, now both my local account AND my domain account can no longer log into this server.
Just to give you an update as to where I am with this... I opened a trouble ticket with Microsoft and we are going on our 4th day troubleshooting this issue... As soon as we have a resolution to this issue I will post an answer here.
ASKER CERTIFIED SOLUTION
LibertyIMS

This solution is only available to members.
Just to add to this, if you have any other machine/account on the domain with the SPN set to HOST/servername or HOST/server.domainname it will cause this to happen, so if you renamed a machine in the past that had the same name you'll want to check there too to make sure it's not still in the SPN of that machine/account.
I had this very situation.
But the problem had arisen because we had renamed a server called XXX to YYY, and then joined another server with the XXX name to replace it. (So users would not have to learn a new name)

When I then looked at the old server YYY, it still had the XXX name in the servicePrincipalName prop.
As soon as I deleted that name from the old server entry, I could log in on the new server.

Best regards.
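
Added example, not part of the original thread: a PowerShell check for the stale-SPN condition described in the two posts above, where `HOST/servername` or `HOST/server.domainname` is still registered on a different account. The function name `Find-HostSpnConflict`, the domain `example.local` and the sample accounts are constructed for illustration; it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Reports accounts other than the server's
# own that still carry HOST/<name> or HOST/<name>.<domain> in servicePrincipalName.
function Find-HostSpnConflict {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,  # short name of the re-used server name
        [Parameter(Mandatory)] [string]   $DnsDomain,     # AD DNS domain (assumption: example.local)
        [Parameter(Mandatory)] [object[]] $Accounts       # objects exposing Name and servicePrincipalName
    )
    # The two SPN forms named in the thread.
    $wanted = @("HOST/${ComputerName}", "HOST/${ComputerName}.${DnsDomain}")

    foreach ($acct in $Accounts) {
        # The server's own computer account is expected to hold these SPNs.
        if ($acct.Name -eq $ComputerName) { continue }
        foreach ($spn in $acct.servicePrincipalName) {
            # -contains compares strings case-insensitively, matching SPN semantics.
            if ($wanted -contains $spn) {
                [pscustomobject]@{ Account = $acct.Name; StaleSpn = $spn }
            }
        }
    }
}

# Constructed sample mirroring the thread: server XXX was renamed to YYY,
# then a new server joined the domain as XXX.
$sample = @(
    [pscustomobject]@{ Name = 'YYY'; servicePrincipalName = @(
        'HOST/YYY', 'HOST/YYY.example.local', 'HOST/XXX', 'HOST/xxx.example.local') }
    [pscustomobject]@{ Name = 'XXX'; servicePrincipalName = @(
        'HOST/XXX', 'HOST/XXX.example.local') }
)
Find-HostSpnConflict -ComputerName 'XXX' -DnsDomain 'example.local' -Accounts $sample

# Against a live domain (requires the ActiveDirectory module), feed real objects instead:
#   Import-Module ActiveDirectory
#   $real = Get-ADObject -LDAPFilter '(servicePrincipalName=HOST/XXX*)' -Properties servicePrincipalName
#   Find-HostSpnConflict -ComputerName 'XXX' -DnsDomain 'example.local' -Accounts $real
```

On the constructed sample this reports account YYY twice, once for each stale HOST entry. The built-in `setspn -Q HOST/XXX` performs a similar lookup from the command line.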
Great one.. Thanks helped me a lot
I experienced a similar error message with Windows Server 2008 R2 Standard.  I was not able to log on with any domain credentials.  I renamed the server and removed it from the domain.  After the reboot I renamed the server to its original name and rejoined it to the domain.  Problem resolved.
I had this same issue today.  Server 2008 Std on a 2003 domain.  I was logging in as domainname\username, but changed it to domainname.com\username (.com is the domain extension for this particular domain).  Once I changed this, it logged in just fine.
Actually rebooted into safe mode with networking, had to enable the local admin account (it got disabled by default for some reason), then reset the password, and then rejoined the domain, restarted and voila!! I could log in again.

Oh, and I did remove the computer from AD first.