Solved

The security database on the server does not have a computer account for this workstation trust relationship.

Posted on 2010-11-19
12
1,094 Views
Last Modified: 2012-05-10
I recently restarted our primary exchange server (windows server 2008:SP2 with exchange 2007) and cannot log back in to the server as a domain user.  I receive the following error: "The security database on the server does not have a computer account for this workstation trust relationship."

I have tried the following:

* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmame.com> .

Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.


0
Comment
Question by:sigkappu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175502
Remove from the domain delete the computer account. Then rejoin the computer to the domain
0
 

Author Comment

by:sigkappu
ID: 34175521
Remove and rejoin to domain does not fix the issue as indicated in the original post.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175544
Did you delete the computer account?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:sigkappu
ID: 34175563
Yes the computer account was deleted from the DC after removal from the domain.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 500 total points
ID: 34175646
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175655
0
 

Author Comment

by:sigkappu
ID: 34175679
Saw all three of those and tried them as well already and they did not resolve the issue as well.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34175695
Yeah just saw that on your first post.

Well those are the common fixes that I have used.
0
 

Author Comment

by:sigkappu
ID: 34176526
a quick update, there are no security audits that show as failing in the security event log.  in the System event log there is a Security-Kerberos error that shows the following error code: security-kerberos error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN.
0
 

Author Comment

by:sigkappu
ID: 34176716
here is the full error information: not sure if this is helpful or not:

General:
A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 21:4:38.0000 11/19/2010 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: domainname.LOCAL
 Server Name: host/ServerName.DomainName.local
 Target Name: host/ServerName.DomainName.local@DOMAINNAME.LOCAL
 Error Text:
 File: 9
 Line: e2d
 Error Data is in record data.


Details:

- System

  - Provider

   [ Name]  Microsoft-Windows-Security-Kerberos
   [ Guid]  {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
   [ EventSourceName]  Kerberos
 
  - EventID 3

   [ Qualifiers]  32768
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2010-11-19T21:04:38.000Z
 
   EventRecordID 377998
 
   Correlation
 
  - Execution

   [ ProcessID]  0
   [ ThreadID]  0
 
   Channel System
 
   Computer ServerName.DomainName.local
 
   Security
 

- EventData

  LogonSession  
  ClientTime  
  ServerTime 21:4:38.0000 11/19/2010 Z
  ErrorCode 0x7
  ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOWN
  ExtendedError 0xc0000035 KLIN(0)
  ClientRealm  
  ClientName  
  ServerRealm DOMAINNAME.LOCAL
  ServerName host/ServerName.DomainName.local
  TargetName host/ServerName.DomainName.local@DOMAINNAME.LOCAL
  ErrorText  
  File 9
  Line e2d
   3015A103020103A20E040C350000C00000000001000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000  


In Bytes

0000: 30 15 A1 03 02 01 03 A2   0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00   ...5..À.
0010: 00 00 00 01 00 00 00      .......

0
 

Accepted Solution

by:
sigkappu earned 0 total points
ID: 34177638
Found the issue.  When rejoining to the domain, there were extra entries added to the 2nd exchange server container in SERVICEPRINCIOLENAME with both exchange server names.  
0
 

Author Closing Comment

by:sigkappu
ID: 34203788
issue fixed
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Hyper-V won't start Server 2003 as a guest OS 7 95
Separate DNS forwarding 2 41
trying to change time server to time.windows.com, errors 2 36
Unable to hit site 2 23
I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question