Loin to domain error : The security database on the server does not have a computer account for this workstation trust relationship

Active Directory Domain Controller 2008R2
Loin to domain error : The security database on the server does not have a computer account for this workstation trust relationship
DOMAIN-ERROR.gif
ThenkungAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris WongCommented:
Hi,
 
This issue may be caused by the following issues:
 
1.    The trust was created a long time ago, and the NETBIOS name was used to create it resulting in the name resolution used on the trust being NETBIOS, and not DNS.
2.    The firewall rules don't allow the Kerberos protocol to pass the firewall, and also not the domain controller locator to find a domain controller (UDP/389).
3.    You have already passed the problems above and logon errors are still happening. In this case, the syntax contoso\user works, but a UPN like user@contoso.com does not work.
 
For the possible solution, please refer to the following Microsoft TechNet article and blog:
 
Error: The security database on the server does not have a computer account for this workstation trust relationship
http://technet.microsoft.com/en-us/library/ee849847(v=WS.10).aspx
 
Solution to the Windows Exception: "The security database on the server does not have a computer account for this workstation trust relationship"
http://blogs.msdn.com/b/jongallant/archive/2008/11/19/solution-to-the-windows-exception-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship.aspx
0
Seth SimmonsSr. Systems AdministratorCommented:
login as local administrator, remove from the domain and add again
sounds like the computer account was deleted
0
ThenkungAuthor Commented:
This server is domain controller 2008R2 and we have DC2003R2 with the same domain name inside . How about demote DC2003R2 and test restart 2008R2 and then login again.
Please recommend.
0
Seth SimmonsSr. Systems AdministratorCommented:
you're getting this ON the domain controller??

can you login to the other domain controller and check the 2008 R2 computer account if it is missing?  let's start with that

i wouldn't touch the 2003 server - especially don't demote it.  your 2008 R2 server is currently broken and messing with the 2003 server will make things worse
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pramod UbheCommented:
this might be a cause - http://support.microsoft.com/kb/2015518
there are several commands to check duplicate spn in you forest
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.