Solved

The security database on the server does not have a computer account for this workstation trust relationship.

Posted on 2010-11-19
12
1,092 Views
Last Modified: 2012-05-10
I recently restarted our primary exchange server (windows server 2008:SP2 with exchange 2007) and cannot log back in to the server as a domain user.  I receive the following error: "The security database on the server does not have a computer account for this workstation trust relationship."

I have tried the following:

* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmame.com> .

Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.


0
Comment
Question by:sigkappu
  • 7
  • 5
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175502
Remove from the domain delete the computer account. Then rejoin the computer to the domain
0
 

Author Comment

by:sigkappu
ID: 34175521
Remove and rejoin to domain does not fix the issue as indicated in the original post.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175544
Did you delete the computer account?
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:sigkappu
ID: 34175563
Yes the computer account was deleted from the DC after removal from the domain.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 500 total points
ID: 34175646
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175655
0
 

Author Comment

by:sigkappu
ID: 34175679
Saw all three of those and tried them as well already and they did not resolve the issue as well.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175695
Yeah just saw that on your first post.

Well those are the common fixes that I have used.
0
 

Author Comment

by:sigkappu
ID: 34176526
a quick update, there are no security audits that show as failing in the security event log.  in the System event log there is a Security-Kerberos error that shows the following error code: security-kerberos error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN.
0
 

Author Comment

by:sigkappu
ID: 34176716
here is the full error information: not sure if this is helpful or not:

General:
A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 21:4:38.0000 11/19/2010 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: domainname.LOCAL
 Server Name: host/ServerName.DomainName.local
 Target Name: host/ServerName.DomainName.local@DOMAINNAME.LOCAL
 Error Text:
 File: 9
 Line: e2d
 Error Data is in record data.


Details:

- System

  - Provider

   [ Name]  Microsoft-Windows-Security-Kerberos
   [ Guid]  {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
   [ EventSourceName]  Kerberos
 
  - EventID 3

   [ Qualifiers]  32768
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2010-11-19T21:04:38.000Z
 
   EventRecordID 377998
 
   Correlation
 
  - Execution

   [ ProcessID]  0
   [ ThreadID]  0
 
   Channel System
 
   Computer ServerName.DomainName.local
 
   Security
 

- EventData

  LogonSession  
  ClientTime  
  ServerTime 21:4:38.0000 11/19/2010 Z
  ErrorCode 0x7
  ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOWN
  ExtendedError 0xc0000035 KLIN(0)
  ClientRealm  
  ClientName  
  ServerRealm DOMAINNAME.LOCAL
  ServerName host/ServerName.DomainName.local
  TargetName host/ServerName.DomainName.local@DOMAINNAME.LOCAL
  ErrorText  
  File 9
  Line e2d
   3015A103020103A20E040C350000C00000000001000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000  


In Bytes

0000: 30 15 A1 03 02 01 03 A2   0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00   ...5..À.
0010: 00 00 00 01 00 00 00      .......

0
 

Accepted Solution

by:
sigkappu earned 0 total points
ID: 34177638
Found the issue.  When rejoining to the domain, there were extra entries added to the 2nd exchange server container in SERVICEPRINCIOLENAME with both exchange server names.  
0
 

Author Closing Comment

by:sigkappu
ID: 34203788
issue fixed
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question