Solved

Windows 7, passwords changes error with DC

Posted on 2010-08-24
8
301 Views
Last Modified: 2012-06-21
Hi dear,

We actually encouter a strange problem with our WIndows 7 clients.

We have a 2003 domain, with only one forest, we have added a 2008 R2 domain controller a few days ago, everything works well.

Today, when we try to modify users passwords, we recieve the following message : "The security database on the server does not have a computer account for this workstation trust relationship", it appears only on Windows 7 clients.

I've found some solutions (this one for example, http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23258126.html) but they doesn't work.

Microsoft give us some solution too (http://technet.microsoft.com/en-us/library/ee849847(WS.10).aspx)
but with no resluts too.

Any idea ?

Thanks
0
Comment
Question by:CIAD
  • 4
  • 3
8 Comments
 
LVL 1

Expert Comment

by:saimirka
ID: 33508843
I think the pc has lost its computer account from the dc try removing and rejoining the pc to the domain.
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33508848
The MS article seems to be around joining PCs to a domain, rather than PWD changes.
2 suggestions:
What is your domain functional level? If it's still @ 2000 level then you need to raise it anyway.
Check your policies - your LanMan authentication policy may be having some effect.

LanMan.jpg
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33508866
Check your domain suffix policies, esp in DHCP.
This article indicates that it has solved the problem:
http://social.technet.microsoft.com/Forums/en-US/itprovistasp/thread/31905c1a-5c25-4426-ac8d-677004c21f5d

A more labour-intensive suggestion from other forums is to disjoin the machine from the domain and re-join it again.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:CIAD
ID: 33508933
Our domain is 2003 full, no 2000. We have controlled the DHCP and the suffix policies, everything is in order !

When we stop de 2008R2 controller, it works and our Win 7 clients could change their passwords and logon correctly direct after, so it seems that the 2008 DC is the source of the problem.

This event could be linked with our problem ?

"The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server."

Thanks for our answers
0
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 250 total points
ID: 33508988
Hi CIAD.
Please have a look at my earlier comment regarding NTLM.
On both the server and clients, try changing the setting to:
"Use LM and NTLM - use NTLM v2 session security if negotiated."
0
 

Author Comment

by:CIAD
ID: 33510160
So we try to change Local security settings to "Use LM and NTLM - use NTLM v2 session security if negotiated." on both DC and client but nothing change...

I continue my investigations
0
 

Author Comment

by:CIAD
ID: 33699597
Problem solved, some bad replications between the DCs, everything's work now
0
 

Author Closing Comment

by:CIAD
ID: 33699601
Help us to find problem
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to create scheduled tasks in windows 10 via GPO 5 48
Windows Installer (VBSCRIPT) Rename Printer 3 31
logon time 6 39
Code Manager | Snippits 2 37
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question