Solved

The security database on the server does not have a computer account for this workstation trust relationship.

Posted on 2010-11-19
12
1,082 Views
Last Modified: 2012-05-10
I recently restarted our primary exchange server (windows server 2008:SP2 with exchange 2007) and cannot log back in to the server as a domain user.  I receive the following error: "The security database on the server does not have a computer account for this workstation trust relationship."

I have tried the following:

* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmame.com> .

Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.


0
Comment
Question by:sigkappu
  • 7
  • 5
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175502
Remove from the domain delete the computer account. Then rejoin the computer to the domain
0
 

Author Comment

by:sigkappu
ID: 34175521
Remove and rejoin to domain does not fix the issue as indicated in the original post.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175544
Did you delete the computer account?
0
 

Author Comment

by:sigkappu
ID: 34175563
Yes the computer account was deleted from the DC after removal from the domain.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 500 total points
ID: 34175646
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175655
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:sigkappu
ID: 34175679
Saw all three of those and tried them as well already and they did not resolve the issue as well.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175695
Yeah just saw that on your first post.

Well those are the common fixes that I have used.
0
 

Author Comment

by:sigkappu
ID: 34176526
a quick update, there are no security audits that show as failing in the security event log.  in the System event log there is a Security-Kerberos error that shows the following error code: security-kerberos error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN.
0
 

Author Comment

by:sigkappu
ID: 34176716
here is the full error information: not sure if this is helpful or not:

General:
A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 21:4:38.0000 11/19/2010 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: domainname.LOCAL
 Server Name: host/ServerName.DomainName.local
 Target Name: host/ServerName.DomainName.local@DOMAINNAME.LOCAL
 Error Text:
 File: 9
 Line: e2d
 Error Data is in record data.


Details:

- System

  - Provider

   [ Name]  Microsoft-Windows-Security-Kerberos
   [ Guid]  {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
   [ EventSourceName]  Kerberos
 
  - EventID 3

   [ Qualifiers]  32768
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2010-11-19T21:04:38.000Z
 
   EventRecordID 377998
 
   Correlation
 
  - Execution

   [ ProcessID]  0
   [ ThreadID]  0
 
   Channel System
 
   Computer ServerName.DomainName.local
 
   Security
 

- EventData

  LogonSession  
  ClientTime  
  ServerTime 21:4:38.0000 11/19/2010 Z
  ErrorCode 0x7
  ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOWN
  ExtendedError 0xc0000035 KLIN(0)
  ClientRealm  
  ClientName  
  ServerRealm DOMAINNAME.LOCAL
  ServerName host/ServerName.DomainName.local
  TargetName host/ServerName.DomainName.local@DOMAINNAME.LOCAL
  ErrorText  
  File 9
  Line e2d
   3015A103020103A20E040C350000C00000000001000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000  


In Bytes

0000: 30 15 A1 03 02 01 03 A2   0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00   ...5..À.
0010: 00 00 00 01 00 00 00      .......

0
 

Accepted Solution

by:
sigkappu earned 0 total points
ID: 34177638
Found the issue.  When rejoining to the domain, there were extra entries added to the 2nd exchange server container in SERVICEPRINCIOLENAME with both exchange server names.  
0
 

Author Closing Comment

by:sigkappu
ID: 34203788
issue fixed
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now