sigkappu
asked on
The security database on the server does not have a computer account for this workstation trust relationship.
I recently restarted our primary exchange server (windows server 2008:SP2 with exchange 2007) and cannot log back in to the server as a domain user. I receive the following error: "The security database on the server does not have a computer account for this workstation trust relationship."
I have tried the following:
* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmam
Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.
I have tried the following:
* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmam
Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.
Darius Ghassem
Remove from the domain delete the computer account. Then rejoin the computer to the domain
ASKER
Remove and rejoin to domain does not fix the issue as indicated in the original post.
Did you delete the computer account?
ASKER
Yes the computer account was deleted from the DC after removal from the domain.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Saw all three of those and tried them as well already and they did not resolve the issue as well.
Yeah just saw that on your first post.
Well those are the common fixes that I have used.
Well those are the common fixes that I have used.
ASKER
a quick update, there are no security audits that show as failing in the security event log. in the System event log there is a Security-Kerberos error that shows the following error code: security-kerberos error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOW
ASKER
here is the full error information: not sure if this is helpful or not:
General:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 21:4:38.0000 11/19/2010 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOW
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm: domainname.LOCAL
Server Name: host/ServerName.DomainName
Target Name: host/ServerName.DomainName
Error Text:
File: 9
Line: e2d
Error Data is in record data.
Details:
- System
- Provider
[ Name] Microsoft-Windows-Security
[ Guid] {98E6CFCB-EE0A-41E0-A57B-6
[ EventSourceName] Kerberos
- EventID 3
[ Qualifiers] 32768
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2010-11-19T21:04:38.000Z
EventRecordID 377998
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
Channel System
Computer ServerName.DomainName.loca
Security
- EventData
LogonSession
ClientTime
ServerTime 21:4:38.0000 11/19/2010 Z
ErrorCode 0x7
ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOW
ExtendedError 0xc0000035 KLIN(0)
ClientRealm
ClientName
ServerRealm DOMAINNAME.LOCAL
ServerName host/ServerName.DomainName
TargetName host/ServerName.DomainName
ErrorText
File 9
Line e2d
3015A103020103A20E040C3500
--------------------------
Binary data:
In Words
0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000
In Bytes
0000: 30 15 A1 03 02 01 03 A2 0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00 ...5..À.
0010: 00 00 00 01 00 00 00 .......
General:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 21:4:38.0000 11/19/2010 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOW
Extended Error: 0xc0000035 KLIN(0)
Client Realm:
Client Name:
Server Realm: domainname.LOCAL
Server Name: host/ServerName.DomainName
Target Name: host/ServerName.DomainName
Error Text:
File: 9
Line: e2d
Error Data is in record data.
Details:
- System
- Provider
[ Name] Microsoft-Windows-Security
[ Guid] {98E6CFCB-EE0A-41E0-A57B-6
[ EventSourceName] Kerberos
- EventID 3
[ Qualifiers] 32768
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2010-11-19T21:04:38.000Z
EventRecordID 377998
Correlation
- Execution
[ ProcessID] 0
[ ThreadID] 0
Channel System
Computer ServerName.DomainName.loca
Security
- EventData
LogonSession
ClientTime
ServerTime 21:4:38.0000 11/19/2010 Z
ErrorCode 0x7
ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOW
ExtendedError 0xc0000035 KLIN(0)
ClientRealm
ClientName
ServerRealm DOMAINNAME.LOCAL
ServerName host/ServerName.DomainName
TargetName host/ServerName.DomainName
ErrorText
File 9
Line e2d
3015A103020103A20E040C3500
--------------------------
Binary data:
In Words
0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000
In Bytes
0000: 30 15 A1 03 02 01 03 A2 0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00 ...5..À.
0010: 00 00 00 01 00 00 00 .......
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
issue fixed