Solved

"The security db on the srv does not have a comp acct for this wks trust...

Posted on 2013-06-13
7
341 Views
Last Modified: 2013-06-19
have seen and solved this error several times, but this particular case is a bit unique.

Brief Background:

We used backup software to "image" a machine on the domain and chose the option to restore to dissimilar hardware. This procedure worked pretty well. We had to enter a different Win7Pro license key and re-activate other commercial products, but that was all.

A few days later, the user on the machine from which the backup image was taken is now getting the error ("The security database on the server does not have a computer account for this workstation trust relationship"). This only happens, however, if she logs into her PC as a specific domain user. She can login successfully to other PCs on the domain as this user, and others can login successfully to her machine.

Before going through the usual rigmarole to fix this error, I wanted to check with the community to see if anyone else had run into this type of problem.

My first plan would be to detach and re-join this machine to the domain.
0
Comment
Question by:ziceman
  • 3
  • 3
7 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39245493
You have two computers with the same SID.. you need to sysprep one of them
0
 

Author Comment

by:ziceman
ID: 39245556
OK. I did consider this, but we have imaged/cloned machines before without Sysprep or NewSID without running into this problem. Also, the domain controller at this site is only a Win 2003 server - certainly not the latest & greatest.

Are you certain this behavior is caused by the duplicate SID?
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39245570
A few days later, the user on the machine from which the backup image was taken is now getting the error ("The security database on the server does not have a computer account for this workstation trust relationship").  This is what makes me believe that there is a SID problem.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 39246592
Just you were lucky and had multiple machines with the same SID without any issues does not mean that you should carry on with this.

Sysprep is free. Let us know if you need any help with this on Windows 7 regarding usage.
0
 

Author Comment

by:ziceman
ID: 39253498
I have run Sysprep on the other machine and confirmed that they have different SIDs with PsGetSID. The individual is still having the issue. She has to unplug her PC from the LAN in order to login with her user name on her machine.

Is there another step left to perform?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39254641
remove that computer from the domain locally
in AD remove the computer account
rejoin the computer to the domain
0
 

Author Comment

by:ziceman
ID: 39256681
OK. We are almost home free on this. After removing and re-joining the domain, the machine is now able to logon with the designated user account again.

Just so I could test the operation of some of her apps/profile, she temporarily changed her password (use CTRL-ALT-DEL). When she came in the next day, she tried to change her pwd back, and it would not accept any - claiming that none met the requirements. But they definitely did - 8+ characters, etc., including the one she had used previously. She is stuck using the temp password.

I could potentially reset it manually on the DC, but really do not want to know her password.

Is this a related issue?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now