Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1118
  • Last Modified:

The security database on the server does not have a computer account for this workstation trust relationship.

I recently restarted our primary exchange server (windows server 2008:SP2 with exchange 2007) and cannot log back in to the server as a domain user.  I receive the following error: "The security database on the server does not have a computer account for this workstation trust relationship."

I have tried the following:

* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmame.com> .

Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.


0
sigkappu
Asked:
sigkappu
  • 7
  • 5
2 Solutions
 
Darius GhassemCommented:
Remove from the domain delete the computer account. Then rejoin the computer to the domain
0
 
sigkappuAuthor Commented:
Remove and rejoin to domain does not fix the issue as indicated in the original post.
0
 
Darius GhassemCommented:
Did you delete the computer account?
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
sigkappuAuthor Commented:
Yes the computer account was deleted from the DC after removal from the domain.
0
 
Darius GhassemCommented:
0
 
sigkappuAuthor Commented:
Saw all three of those and tried them as well already and they did not resolve the issue as well.
0
 
Darius GhassemCommented:
Yeah just saw that on your first post.

Well those are the common fixes that I have used.
0
 
sigkappuAuthor Commented:
a quick update, there are no security audits that show as failing in the security event log.  in the System event log there is a Security-Kerberos error that shows the following error code: security-kerberos error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN.
0
 
sigkappuAuthor Commented:
here is the full error information: not sure if this is helpful or not:

General:
A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 21:4:38.0000 11/19/2010 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: domainname.LOCAL
 Server Name: host/ServerName.DomainName.local
 Target Name: host/ServerName.DomainName.local@DOMAINNAME.LOCAL
 Error Text:
 File: 9
 Line: e2d
 Error Data is in record data.


Details:

- System

  - Provider

   [ Name]  Microsoft-Windows-Security-Kerberos
   [ Guid]  {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
   [ EventSourceName]  Kerberos
 
  - EventID 3

   [ Qualifiers]  32768
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2010-11-19T21:04:38.000Z
 
   EventRecordID 377998
 
   Correlation
 
  - Execution

   [ ProcessID]  0
   [ ThreadID]  0
 
   Channel System
 
   Computer ServerName.DomainName.local
 
   Security
 

- EventData

  LogonSession  
  ClientTime  
  ServerTime 21:4:38.0000 11/19/2010 Z
  ErrorCode 0x7
  ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOWN
  ExtendedError 0xc0000035 KLIN(0)
  ClientRealm  
  ClientName  
  ServerRealm DOMAINNAME.LOCAL
  ServerName host/ServerName.DomainName.local
  TargetName host/ServerName.DomainName.local@DOMAINNAME.LOCAL
  ErrorText  
  File 9
  Line e2d
   3015A103020103A20E040C350000C00000000001000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000  


In Bytes

0000: 30 15 A1 03 02 01 03 A2   0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00   ...5..À.
0010: 00 00 00 01 00 00 00      .......

0
 
sigkappuAuthor Commented:
Found the issue.  When rejoining to the domain, there were extra entries added to the 2nd exchange server container in SERVICEPRINCIOLENAME with both exchange server names.  
0
 
sigkappuAuthor Commented:
issue fixed
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now