?
Solved

Workstation Trust Relationship

Posted on 2013-05-23
5
Medium Priority
?
865 Views
Last Modified: 2013-05-29
A while back we deleted a computer (windows 7) out of AD and then tried to re-add it with the same hostname. It shows up in AD when it's added and all the attributes look good but when I go to log in to the machine it says:

"The security database on the server does not have a computer account for the workstation trust relationship."

I've tried removing it from the domain and re-adding it. I've tried using the netdom resetpwd, I've tried so many things I've found online I don't even remember what they all are. :)

I looked through DNS and DHCP entries (windows server 2003) and don't see any issues with that. If I change the hostname on it I can log in just fine. Any other ideas on what to try?  

Please let me know if you need some more details and thank you!
0
Comment
Question by:Winsoup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 900 total points
ID: 39192743
Have you tried Joe's machinepwd utility.   Can't hurt to try it at this point.  You have done a lot already and usually the steps you have taken fix the issue.

http://blog.joeware.net/2012/06/07/2513/

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Julian123
Julian123 earned 900 total points
ID: 39192772
Another option I would try is:
1. Disjoin the computer from the domain if possible
2. Delete the Active directory for the computer
3. Rename the computer and reboot it
4. Rejoin the domain

This helps get rid of any issues involving having a previous account around.
0
 
LVL 3

Author Comment

by:Winsoup
ID: 39194281
I tried that utility with no luck. I also found this (link below) and ran it and when I ran the nltest utility it came back with "bad password" so I ran the netdom resetpwd utility and ran the test again and it came back successful but I still can't log in with this hostname. Here are the steps I used.

Julian, I can log in if I change the hostname but I don't want to have to change the hostname to something that's out of the naming convention.

*Doesn't look like my link worked* Here it is:

http://www.cievo.sk/2012/02/21/reset-computer-accounts-in-active-directory-domain/
0
 
LVL 3

Accepted Solution

by:
Winsoup earned 0 total points
ID: 39194342
Got it, the "service principal name"had an entry that was the same as another machine for some reason. I changed the other machine to what it was supposed to be and it works now.
Thank you for the help!!
0
 
LVL 3

Author Closing Comment

by:Winsoup
ID: 39203930
This fixed my issue. The other two responses were good and would probably work in most other cases so I wanted to give them credit for that.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question