[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1127
  • Last Modified:

The security database on the server does not have a computer account for this workstation trust relationship.

I recently restarted our primary exchange server (windows server 2008:SP2 with exchange 2007) and cannot log back in to the server as a domain user.  I receive the following error: "The security database on the server does not have a computer account for this workstation trust relationship."

I have tried the following:

* Removing and rejoining to the domain.
* Changing the domain name to the shortened domain name (i.e. from domainname.local to domainname).
* Editing the GP to ensure that it does not set the primary domain suffix.
* Renamed the server and rejoined to the domian.
* Verified that SERVICEPRINCIOLENAME contains: HOST/<servername> and HOST/<servername.domainmame.com> .

Seems like the above steps have fixed this issue everywhere else I can find information on this error, however, none of them have resolved the issue for me.


0
sigkappu
Asked:
sigkappu
  • 7
  • 5
2 Solutions
 
Darius GhassemCommented:
Remove from the domain delete the computer account. Then rejoin the computer to the domain
0
 
sigkappuAuthor Commented:
Remove and rejoin to domain does not fix the issue as indicated in the original post.
0
 
Darius GhassemCommented:
Did you delete the computer account?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
sigkappuAuthor Commented:
Yes the computer account was deleted from the DC after removal from the domain.
0
 
Darius GhassemCommented:
0
 
sigkappuAuthor Commented:
Saw all three of those and tried them as well already and they did not resolve the issue as well.
0
 
Darius GhassemCommented:
Yeah just saw that on your first post.

Well those are the common fixes that I have used.
0
 
sigkappuAuthor Commented:
a quick update, there are no security audits that show as failing in the security event log.  in the System event log there is a Security-Kerberos error that shows the following error code: security-kerberos error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN.
0
 
sigkappuAuthor Commented:
here is the full error information: not sure if this is helpful or not:

General:
A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 21:4:38.0000 11/19/2010 Z
 Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
 Extended Error: 0xc0000035 KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: domainname.LOCAL
 Server Name: host/ServerName.DomainName.local
 Target Name: host/ServerName.DomainName.local@DOMAINNAME.LOCAL
 Error Text:
 File: 9
 Line: e2d
 Error Data is in record data.


Details:

- System

  - Provider

   [ Name]  Microsoft-Windows-Security-Kerberos
   [ Guid]  {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
   [ EventSourceName]  Kerberos
 
  - EventID 3

   [ Qualifiers]  32768
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2010-11-19T21:04:38.000Z
 
   EventRecordID 377998
 
   Correlation
 
  - Execution

   [ ProcessID]  0
   [ ThreadID]  0
 
   Channel System
 
   Computer ServerName.DomainName.local
 
   Security
 

- EventData

  LogonSession  
  ClientTime  
  ServerTime 21:4:38.0000 11/19/2010 Z
  ErrorCode 0x7
  ErrorMessage KDC_ERR_S_PRINCIPAL_UNKNOWN
  ExtendedError 0xc0000035 KLIN(0)
  ClientRealm  
  ClientName  
  ServerRealm DOMAINNAME.LOCAL
  ServerName host/ServerName.DomainName.local
  TargetName host/ServerName.DomainName.local@DOMAINNAME.LOCAL
  ErrorText  
  File 9
  Line e2d
   3015A103020103A20E040C350000C00000000001000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 03A11530 A2030102 350C040E 00C00000
0008: 01000000 000000  


In Bytes

0000: 30 15 A1 03 02 01 03 A2   0.¡....¢
0008: 0E 04 0C 35 00 00 C0 00   ...5..À.
0010: 00 00 00 01 00 00 00      .......

0
 
sigkappuAuthor Commented:
Found the issue.  When rejoining to the domain, there were extra entries added to the 2nd exchange server container in SERVICEPRINCIOLENAME with both exchange server names.  
0
 
sigkappuAuthor Commented:
issue fixed
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now