[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Workstation Trust Relationship

Posted on 2013-05-23
5
Medium Priority
?
875 Views
Last Modified: 2013-05-29
A while back we deleted a computer (windows 7) out of AD and then tried to re-add it with the same hostname. It shows up in AD when it's added and all the attributes look good but when I go to log in to the machine it says:

"The security database on the server does not have a computer account for the workstation trust relationship."

I've tried removing it from the domain and re-adding it. I've tried using the netdom resetpwd, I've tried so many things I've found online I don't even remember what they all are. :)

I looked through DNS and DHCP entries (windows server 2003) and don't see any issues with that. If I change the hostname on it I can log in just fine. Any other ideas on what to try?  

Please let me know if you need some more details and thank you!
0
Comment
Question by:Winsoup
  • 3
5 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 900 total points
ID: 39192743
Have you tried Joe's machinepwd utility.   Can't hurt to try it at this point.  You have done a lot already and usually the steps you have taken fix the issue.

http://blog.joeware.net/2012/06/07/2513/

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Julian123
Julian123 earned 900 total points
ID: 39192772
Another option I would try is:
1. Disjoin the computer from the domain if possible
2. Delete the Active directory for the computer
3. Rename the computer and reboot it
4. Rejoin the domain

This helps get rid of any issues involving having a previous account around.
0
 
LVL 3

Author Comment

by:Winsoup
ID: 39194281
I tried that utility with no luck. I also found this (link below) and ran it and when I ran the nltest utility it came back with "bad password" so I ran the netdom resetpwd utility and ran the test again and it came back successful but I still can't log in with this hostname. Here are the steps I used.

Julian, I can log in if I change the hostname but I don't want to have to change the hostname to something that's out of the naming convention.

*Doesn't look like my link worked* Here it is:

http://www.cievo.sk/2012/02/21/reset-computer-accounts-in-active-directory-domain/
0
 
LVL 3

Accepted Solution

by:
Winsoup earned 0 total points
ID: 39194342
Got it, the "service principal name"had an entry that was the same as another machine for some reason. I changed the other machine to what it was supposed to be and it works now.
Thank you for the help!!
0
 
LVL 3

Author Closing Comment

by:Winsoup
ID: 39203930
This fixed my issue. The other two responses were good and would probably work in most other cases so I wanted to give them credit for that.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month18 days, 16 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question