SBS 2003 domain wont connect clients

Hi.  I would like to configure a workstation to have access to active directory and other SBS 2003 resources.  I Just installed SBS 2003, and configured users and computers through the Todo list.  
the users are:
the client computers are:

I then ran the connect computer wizard from internet explorer in the client machine.  
The workstation itself is called JSMITH-PC, and JSmith is the local user account on it

The client completed setup and restarted.  I restarted again, and am unable to log on, a message says "security database on the server does not have a computer account for this workstation trust relationship"
I read what other people did with this error message and tried the following:
I turned off the client.  I deleted EARTH from "Manage client computers" on the server.  Now the client still defaults to try to log on as the deleted client computer, EARTH.

In the manage client computers console there is now a new computer listed.  

Figured it is better to ask then to keep deleting accounts and computers.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
I'm a bit confused here
You say you have a server and you have tried to add a workstation called JSMITH-PC to the domain,
so why did you delete the computer account called EARTH ?
Do you have AD installed? If so, on the client computer, you should just right click my computer, choose properties, computer name, change button, and enter in the domain name in the domain text box.  This will prompt you for a domain admin account.  Once it takes, restart and the computer will be on the domain.  Make sure when you log into the client computer you change the drop down menu for "log on to" from the computer name to the domain.

You shouldn't be managining client computers anywhere else besides active directory on a domain controller.
Brian PiercePhotographerCommented:
@dbsg NO NO NO

This is an SBS server, clients MUST be added through the connectcomputer wizard, problems will follow if you do not use this and just add clients as you would to a standard server.
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

AE_JBAuthor Commented:
JSmith is the local user account, and JSMITH-PC is the local name of the machine.  Local meaning the names independent from anything to do with SBS, the names created when installing the Win7 Professional OS.  Right now, the only way I can use the client machine is to log in locally.
Active directory is populated with the defaults, as well as the users I created.
Manage client computers says there is a conflict with JSMITH-PC saying more than one client is assigned to a machine.
EARTH is deleted
The default (domain)logon for the client is still jwhite logging on to EARTH.

So, I should log on locally to get access, then do the connect wizard again?
Brian PiercePhotographerCommented:
When you joinn a machine to the domain then by default it will rename the computer by appending the domain name to the computer name, so the computer JSMITH-PC will become JSMITH-PC.mydomain.ext (where mydomain.ext is your domain name) so where is EARTH coming from ?

to log onto the domain with a domain account select to log on as another user and use the name in the format user\mydomain
AE_JBAuthor Commented:
were the client machine names I created in the add users and computers wizard, just arbitrary names.
so, I should select log in as another user,
then type
jwhite\my domain name
and password

Tried it.
Still getting trust relationship failure message.
Brian PiercePhotographerCommented:
When you run the connectcomputer wizard, does it report that the machine has joined the domain ?
Have you re-booted the clientt after joing the domain ?
Have you installed all thre updates as described at
AE_JBAuthor Commented:
I ran the wizard, it completed successfully, it did a restart is required to complete the process.
When it restarted, I enter credentials in the network login screen which returns the trust failure message.
SBS is fully patched through windows update.
It seems there is a security setting preventing the client from authenticating.
"user\mydomain" is not correct - it's "mydomain\user".  Although using connect computer is the recommended way to join machines to the domain, MS documentation states using the change button as an alternative. I've done this dozens of times across several different domains and have not once had an issue.

When you go into AD users and computers, what computers do you see?  When you go to the client, and view the computer name, what exactly do you see?  Does it show the FDQN as KCTS states what it should look like?

Before you try anything, look in ADU&C and delete the PC you're trying to add, if it's already there.  Also make sure to search the domain to ensure it's not in another container.  Once you're sure it's not there, personally, I would join it to the domain using the system properties name tab on the client.
AE_JBAuthor Commented:
I deleted all users and client computers in ADU&C, restarted.
Then I added a new user, and a new computer in in ADU&C.
I ran the connect computer wizard from the client.  It completed, and restarted, and got the same error message when attempting to logon:
"security database on the server does not have a computer account for this workstation trust relationship"
AE_JBAuthor Commented:
Probably doesn't help that I have standard and premium services running but not configured.
Exchange and active directory
ISA server
SQL server 2005
all are running and I made no configuration other than the todo list wizards.
AE_JBAuthor Commented:
JSMITH01 has re appeared in the client computers list on its own.
WINS shows no active registrations.
I installed the three downloads listed above, restarted, and disabled the ISA firewall.
Tried to log on to domain from client computer again, and got the same error message.

Does the client computer name show that it is part of the domain?
Is there any other firewall in the picture, i.e. on the client, server, or in between?
Can the computer and server ping, see shared files, etc?  
Do you have any GPO's that assign the primary domain suffix?
What does the client network adapter show for tcp/ip > advanced > dns?
Is DNS set up properly? Is it in AD?
Can you use the computer name tab, join the workstation to a workgroup, reboot, delete the account from AD, then use the computer name tab again to join the domain? Try using just the netbios domain name, not the FDQN, then restart. Again, please login with domain\username or username@domain.ext
What do the event logs say on the server and workstation? Do you see a failed attempt in the security log of the server when you try to log on?
Have you checked all the containers in AD for this computer name? Have you tried renaming the workstation as well?
Can you log onto the workstation with the domain admin account locally and on the domain?
Are the workstation and server all on the same LAN and subnet?
Dumb question but we're sure this is the professional version of Windows 7?

If you could answer all of these questions, it will help narrow down the cause.  This sounds like a DNS issue.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AE_JBAuthor Commented:
Does the client computer name show that it is part of the domain?
---Yes, Select my computer and right click for properties, shows the name as SATURN, and a member of SBS domain.

Is there any other firewall in the picture, i.e. on the client, server, or in between?
---Not that I know of.  The router has a firewall for DOS attacks, which I disabled.  I patched/added the ISA firewall from the link above and disabled it.  Not sure if there is an additional firewall on the server.  The Win 7 machine has windows firewall enabled shows the following:
Domain Networks                           Not connected
Home or work(private) networks   Not Connected
Public Networks                              Not Connected
Windows firewall state                  on
Incoming connections                     Block all connections to programs not on the list
Active public networks                  !!picture  sbslab2010.local 2 (Unauthenticated)
Notifications state                           notify me when firewall blocks a new program

Can the computer and server ping, see shared files, etc?  
---They can ping each other by IP address and by name.  The client can go to http://companyweb, enter credentials and add content.

Do you have any GPO's that assign the primary domain suffix?
--Not sure.

What does the client network adapter show for tcp/ip > advanced > dns?
---The static address of the SBS machine.

Is DNS set up properly? Is it in AD?
---Under active directory users and computers, the left pane shows a folder for saved queries, and a folder for sbslab2010.local, my domain.  The folders in sbslab2010.local are populated, except for the computers folder, which is empty.  Unsure if that answers the question.

I'll post the rest later.  Thanks.
AE_JBAuthor Commented:
Disabled firewall on client and restarted.  No change.
Please try removing the workstation from SBS and search AD to make sure there is no other object with this name, join the workstation to a workgroup, restart, then join to the domain using the name tab - don't use the web browser and the computer connect app, then restart.  Before you try to log on, make sure the computer shows up in the computers container within AD.

If this still doesn't work, you're going to need some run some tools to figure this out.  I'd start with dcdiag.
AE_JBAuthor Commented:
I started doing the checks and I logged onto the client using the local user.
I went into the network center on the client and it shows two computers:
SATURN                           SBS03LAB
I clicked on SBS03LAB and it asked for my credentials, I entered that of the network user still in AD, which gave me access to shared folders on SBS03LAB computer.
I click on SATURN and there several old setup folders saying _sbs_netsetup, plus the local user account folder, and a public folder.
Both SATURN and SBS03LAB show as being members of the workgroup SBSLAB2010

If I have access to shares, and the company web page, I would want to continue and set up email and other services on the client machine.

SBS03LAB is the name I gave to the server computer, if I remember correctly, and then I named the domain SBSLab2010.
DNS is running as SBS03LAB
DHCP is called sbs03lab.sbslab2010.local[]
WINS is called LAB WINS[]

Server management shows client computers SATURN and JSMITH01 under "Client computers"
However if I go to start-->all programs-->Microsoft exchange-->active directory users and computers, sbslab2010.local shows no computers in the "Computers" folder.  Though I have not worked with exchange yet, is this the AD container you reference?  Or is AD computers and users also in Server management console(where this client first appeared)?

Glad I have access to some resources and shares.  This is first server setup so it may be a bit sloppy, though functionality of as many services as possible is what I would like to get to ASAP.

Where should I take it from here?  Continue with the tear-down from the previous post? Or work with what I have?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.