tmendez2

The security database on the server does not have a computer account for this workstation trust relationship.

Ok. So I am getting the following error message when I try to log into one of our Windows 7 client PCs:

The security database on the server does not have a computer account for this workstation trust relationship.

After reading through some of the other posts, I'm pretty sure disjoining the PC from the domain and then rejoining it should solve the issue.  However, how can I disjoin the PC from the domain by switching the computer to use a workgroup if I can't log in?  I tried logging in as COMPUTERNAME\Administrator, but I get the following error message:

Your account has been disabled.  Please see your system administrator.

Note that the PC has been removed from the AD on our SBS 2011 machine.

V4705

1. Login screen -> "switch user" -> "other user". In the username field use "computername\localadmin", where computername is your computer name and localadmin is a user with administrative privileges.

2. Right-click "Computer" -> Properties -> Advanced system settings (on the left) -> Computer Name (tab) -> "Change" button and switch to workgroup.

3. run the domain connection wizard from http://connect/

Good luck!
BTW. Administrator is disabled by default, you must use the administrative user you created at the first setup. Safe mode might help you find this user and login to continue the other steps.

tmendez2

ASKER

Hmmm.  I thought I knew which user/password I created at the first setup, but I guess I was wrong.  I was going to try and use safe mode to try and find this user and login to continue, but every time I try to start in safe mode, the computer reboots ten seconds after I get to the login screen.  Any explanations, suggestions?

ASKER CERTIFIED SOLUTION
ITguy565

This solution is only available to members.

Ok.  I was able to use the bootable CD to reset the localadmin password.  I then removed the computer from the domain.  I then rejoined the computer to the domain using http://connect.  I'm still getting the same error message when I try to log in as a user of the domain. Also, in the SBS console the PC has "Unknown - No Computer is mapped to this computer account (dnsHostName is empty)." under "Status".  Any idea why I still might be getting this error?

At this point it sounds as if you have bigger problems. I would suggest running Active Directory Diagnostics on the server.


Please open a command prompt and type dcdiag /v and post the output to this thread.

When you removed the computer from the domain did you delete the computer account from the SBS console, or AD?
Best bet when rejoining a domain is to rename the computer to avoid any conflicts, even if it is just adding a letter or number to the end of the computer name. If no other computers are having issues I suspect rejoining again would be a good idea. When doing so it is also a good idea on the PC, after disjoining the domain, to remove the C:\Program Files\Windows Small Business Server folder and the following registry key: HKLM\software\Microsoft\SmallBusinessServer

Member_2_4984608

Your best bet to log on to this PC is to disconnect it from the network and then log in using a domain user account that has logged onto that PC before - ideally Domain Admin.  This will let you log in with cached credentials and sidestep the problem of the computer account not being trusted / not existing in AD.
If you would like to test to ensure that the secure channel communication is the issue without removing and rejoining the domain you can use NLtest from the DC.

http://support.microsoft.com/kb/158148


Example Output from Nltest.exe
As an example, suppose the TESTD domain trusts the ESS domain, and a computer running Windows NT Workstation called TEST3 is a member of the TESTD domain.

NLTEST can be used to show this trust relationship.
   C:\>nltest /trusted_domains
   Trusted domain list:
      ESS
   The command completed successfully
                        

To determine the domain controllers in the TESTD domain:
   C:\>nltest /dclist:testd
   List of DCs in Domain testd
      \\TEST2 (PDC)
      \\TEST1
   The command completed successfully
                        

To determine the domain controllers in the ESS domain:
   C:\>nltest /dclist:ess
   List of DCs in Domain ess
      \\NET1 (PDC)
   The command completed successfully
                        

Below are the secure channels between each domain controller in TESTD and a DC in the ESS domain.
   C:\>nltest /server:test1 /sc_query:ess
   Flags: 0
   Connection Status = 0 0x0 NERR_Success
   Trusted DC Name \\NET1
   Trusted DC Connection Status Status = 0 0x0 NERR_Success
   The command completed successfully

   C:\>nltest /server:test2 /sc_query:ess
   Flags: 0
   Connection Status = 0 0x0 NERR_Success
   Trusted DC Name \\NET1
   Trusted DC Connection Status Status = 0 0x0 NERR_Success
   The command completed successfully
                        

The workstation that is a member of the TESTD domain has an implicit trust with a domain controller.
   C:\>nltest /server:test3 /sc_query:testd
   Flags: 0
   Connection Status = 0 0x0 NERR_Success
   Trusted DC Name \\TEST2
   Trusted DC Connection Status Status = 0 0x0 NERR_Success
   The command completed successfully
                        

To determine if a domain controller can authenticate a user account:
   C:\>nltest /whowill:ESS bob
   [20:58:55] Mail message 0 sent successfully
   (\MAILSLOT\NET\GETDC939)
   [20:58:55] Response 0: S:\\NET1 D:ESS A:bob (Act found)
   The command completed successfully

   C:\>nltest /whowill:testd test
   [21:26:13] Response 0: S:\\TEST2 D:TESTD A:test (Act found)
   [21:26:15] Mail message 0 sent successfully
   (\MAILSLOT\NET\GETDC295)
   The command completed successfully
                        

NLTEST can be used to find a trusted domain that has a given user account.
   C:\>nltest /finduser:sweppler
   Domain Name: ESS
   Trusted DC Name \\NET1
   The command completed successfully
                        

To verify the status of BDC synchronization:
   C:\>nltest /bdc_query:testd
   Server : \\TEST1
      SyncState : IN_SYNC
      ConnectionState : Status = 0 0x0 NERR_Success
   The command completed successfully
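
An added example, not part of the posts above or of the Microsoft KB article: a PowerShell script, run on the domain controller, that performs the `nltest /sc_query` test suggested above and then checks whether a computer account exists with `dnsHostName` set, the condition the SBS console reported. `TEST3` and `TESTD` are the placeholder names from the KB excerpt, and the script assumes the ActiveDirectory module is installed on the DC.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.
# TEST3 / TESTD are placeholders taken from the KB excerpt; substitute your own names.
param(
    [string]$Workstation = 'TEST3',
    [string]$Domain      = 'TESTD'
)

function Get-NltestStatus {
    # Pull every "Status = <decimal> <hex> <name>" triple out of nltest text output.
    param([string]$Text)
    $pattern = 'Status\s*=\s*(\d+)\s+(0x[0-9A-Fa-f]+)\s+(\S+)'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        New-Object PSObject -Property @{
            Code = [int]$m.Groups[1].Value
            Name = $m.Groups[3].Value
        }
    }
}

# 1. Secure channel between the workstation and the domain.
$raw      = (& nltest.exe "/server:$Workstation" "/sc_query:$Domain" 2>&1 | Out-String)
$statuses = @(Get-NltestStatus -Text $raw)
$failed   = @($statuses | Where-Object { $_.Code -ne 0 })

if ($statuses.Count -eq 0) {
    Write-Warning "No status line in nltest output:`n$raw"
} elseif ($failed.Count -eq 0) {
    Write-Output "${Workstation}: secure channel to $Domain is healthy"
} else {
    foreach ($s in $failed) {
        # 1787 (ERROR_NO_TRUST_SAM_ACCOUNT) is the Win32 code behind the
        # "does not have a computer account for this workstation trust" message.
        Write-Warning "${Workstation}: secure channel error $($s.Code) $($s.Name)"
    }
}

# 2. Computer account in AD. -Filter returns nothing (no exception) if it is missing.
Import-Module ActiveDirectory
$acct = Get-ADComputer -Filter "Name -eq '$Workstation'" -Properties dNSHostName

if (-not $acct) {
    Write-Warning "No computer account named $Workstation exists in AD"
} elseif (-not $acct.Enabled) {
    Write-Warning "Computer account $Workstation is disabled"
} elseif ([string]::IsNullOrEmpty($acct.DNSHostName)) {
    Write-Warning "Computer account $Workstation has an empty dnsHostName"
} else {
    Write-Output "${Workstation}: AD account present, dnsHostName = $($acct.DNSHostName)"
}
```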