Solved

ERROR: The security database on the server does not have a computer account for this workstation trust relationship.

Posted on 2010-08-18
5
7,449 Views
Last Modified: 2012-05-10
issue:

One of the users in my domain environment is getting this message while trying to login to his account on his local windows 7 Ult X64 machine.

The security database on the server does not have a computer account for this workstation trust relationship.

System wont let him in until he physically disconnect the network cable from his machine. then he logs in to  his AD account and reconnects the network cable.


I did some research on the error and found few things but need an opinion on how to proceed...

details:
MS Windows 2003 x64 domain controller
No GPOs
local user (no vpn)
user has no administrative rights

per:
http://kapothi.com/?p=249

Error : “The security database on the server does not have a computer account for this workstation trust relationship” on Windows Vista with sp1

What to check
1
Make sure your computer account is not disabled in Active Directory users and computers
2
Check
configuration/administrative templates/network/dns client/primary DNS suffix in GPO and make sure its correct or defined
3
A) Start > Run > ADSIEDIT.MSC
B) Go to Domain Partition and mark the affected computer
C) Rightclick and Properties.
D) Doubleclick ServicePrincipalName
E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.




so I did that and here's what I see under that computer account / servicePrincipalName:

HOST /computername
HOST /computername.domainname.local
RestrictedKrbHost/computername
RestrictedKrbHost/computername.domainame.local


all the other machines dont have the "RestrictedKrbHost" part under servicePrincipalName.
should I delete it ?


also here

http://blogs.msdn.com/b/jongallant/archive/2008/11/19/solution-to-the-windows-exception-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship.aspx

someone is suggesting to change the domain FQDN to a short name from domainname.local to domainname


Anyone has any suggestions ?

Thank you !







0
Comment
Question by:sbarhoumeh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Accepted Solution

by:
Bull_81073 earned 167 total points
ID: 33467678
This is actually not that uncommon of an error, so you aren't alone!  This occurs when computer's domain account password has fallen out of sync with the password that the computer thinks that it should be.  Your only recourse is to un-join the computer from the domain, delete it from active directory and then re-join!
0
 

Author Comment

by:sbarhoumeh
ID: 33467951
thanks, I see the same advice in this thread

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23258126.html

but the guy said that re-joining did not helped.

also I would have to struggle with user profile backup / restore ...

any other thoughts ?
0
 
LVL 4

Assisted Solution

by:KazooSoft
KazooSoft earned 167 total points
ID: 33469247
When rejoining do you use DOMAIN.local or just DOMAIN? Try the alternative. We had the same problem even after deleting from AD and rejoining. Until we used just DOMAIN when joining it worked fine...

Weird, but solved it for us.
0
 

Author Comment

by:sbarhoumeh
ID: 33469846
what if . instead on re-joining Ill change the domain name from domain.local to domain     ?
can this help ? will this corrupt user's existing profile ?

0
 
LVL 6

Assisted Solution

by:zkrieger
zkrieger earned 166 total points
ID: 33470477
assuming you are logged in as yourself or an administrator that is NOT the affected user, no change should happen to their profile during this change.

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question