sbarhoumeh
asked on
ERROR: The security database on the server does not have a computer account for this workstation trust relationship.
issue:
One of the users in my domain environment is getting this message while trying to login to his account on his local windows 7 Ult X64 machine.
The security database on the server does not have a computer account for this workstation trust relationship.
System wont let him in until he physically disconnect the network cable from his machine. then he logs in to his AD account and reconnects the network cable.
I did some research on the error and found few things but need an opinion on how to proceed...
details:
MS Windows 2003 x64 domain controller
No GPOs
local user (no vpn)
user has no administrative rights
per:
http://kapothi.com/?p=249
Error : “The security database on the server does not have a computer account for this workstation trust relationship” on Windows Vista with sp1
What to check
1
Make sure your computer account is not disabled in Active Directory users and computers
2
Check
configuration/administrati ve templates/network/dns client/primary DNS suffix in GPO and make sure its correct or defined
3
A) Start > Run > ADSIEDIT.MSC
B) Go to Domain Partition and mark the affected computer
C) Rightclick and Properties.
D) Doubleclick ServicePrincipalName
E) Add new value: HOST/yourcomputername.your domain.xyz or whatever HOST is missing.
so I did that and here's what I see under that computer account / servicePrincipalName:
HOST /computername
HOST /computername.domainname.l ocal
RestrictedKrbHost/computer name
RestrictedKrbHost/computer name.domai name.local
all the other machines dont have the "RestrictedKrbHost" part under servicePrincipalName.
should I delete it ?
also here
http://blogs.msdn.com/b/jongallant/archive/2008/11/19/solution-to-the-windows-exception-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship.aspx
someone is suggesting to change the domain FQDN to a short name from domainname.local to domainname
Anyone has any suggestions ?
Thank you !
One of the users in my domain environment is getting this message while trying to login to his account on his local windows 7 Ult X64 machine.
The security database on the server does not have a computer account for this workstation trust relationship.
System wont let him in until he physically disconnect the network cable from his machine. then he logs in to his AD account and reconnects the network cable.
I did some research on the error and found few things but need an opinion on how to proceed...
details:
MS Windows 2003 x64 domain controller
No GPOs
local user (no vpn)
user has no administrative rights
per:
http://kapothi.com/?p=249
Error : “The security database on the server does not have a computer account for this workstation trust relationship” on Windows Vista with sp1
What to check
1
Make sure your computer account is not disabled in Active Directory users and computers
2
Check
configuration/administrati
3
A) Start > Run > ADSIEDIT.MSC
B) Go to Domain Partition and mark the affected computer
C) Rightclick and Properties.
D) Doubleclick ServicePrincipalName
E) Add new value: HOST/yourcomputername.your
so I did that and here's what I see under that computer account / servicePrincipalName:
HOST /computername
HOST /computername.domainname.l
RestrictedKrbHost/computer
RestrictedKrbHost/computer
all the other machines dont have the "RestrictedKrbHost" part under servicePrincipalName.
should I delete it ?
also here
http://blogs.msdn.com/b/jongallant/archive/2008/11/19/solution-to-the-windows-exception-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship.aspx
someone is suggesting to change the domain FQDN to a short name from domainname.local to domainname
Anyone has any suggestions ?
Thank you !
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
what if . instead on re-joining Ill change the domain name from domain.local to domain ?
can this help ? will this corrupt user's existing profile ?
can this help ? will this corrupt user's existing profile ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
https://www.experts-exchange.com/questions/23258126/The-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship.html
but the guy said that re-joining did not helped.
also I would have to struggle with user profile backup / restore ...
any other thoughts ?