The security database on the server does not have a computer account for this workstation trust relationship
After changing my password I now get the following error message and cannot login: "The security database on the server does not have a computer account for this workstation trust relationship" None of my IT support people know what this means. If I disconnect from the network, the computer boots fine. If I plugin the network cable I am immediately connected to the network and have full access to all assigned resources - ie it recognizes my creditentials. I think that this is occuring after some kind of security update to Win7. Anyone else seen this?TheColorMan
April 20th, 2011 8:29am

Hello, so the Windows 7 machine is a domain member? Let's start with excluding DNS, please post an unedited ipconfig /all from the DC/DNS servers and the problem client. Is the Windows 7 machine installed from a not sysprepped image/clone? Is it listed in AD UC in an OU or the computers container? Is it registered in the DNS forward/reverse lookup zones?Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
April 20th, 2011 8:34am

Here is the ipconfig /all dump. The computer is a 1yr old Dell that came preloaded with Win 7 x64. I has worked just fine with the domain until two weeks ago when I changed my password. Since then I cannot boot the computer while connected to the network - neither by ethernet or by WiFi. However, if I am not connected to the network and my WiFi is off, then I can boot using my new password and once booted I can plug in the ethernet cable or activate the WiFi and I am immediately connected to the domain. It recognizes and accepts my credentials. Windows IP Configuration Host Name . . . . . . . . . . . . : USCRL2X7FL1-L Primary Dns Suffix . . . . . . . : prod.sunchemical.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : prod.sunchemical.com sunchemical.com Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : prod.sunchemical.com Description . . . . . . . . . . . : LAN9500 USB 2.0 to Ethernet 10/100 Adapte r Physical Address. . . . . . . . . : 00-50-B6-49-86-0F DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6190:2f5f:25b0:fead%15(Preferred) IPv4 Address. . . . . . . . . . . : 10.47.48.62(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.252.0 Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 1:10:03 PM Lease Expires . . . . . . . . . . : Saturday, April 23, 2011 1:10:03 PM Default Gateway . . . . . . . . . : 10.47.48.1 DHCP Server . . . . . . . . . . . : 171.74.65.73 DHCPv6 IAID . . . . . . . . . . . : 721440950 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-37-4E-C1-B8-AC-6F-57-AD-03 DNS Servers . . . . . . . . . . . : 171.74.65.82 10.156.34.248 Primary WINS Server . . . . . . . : 171.74.65.72 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 00-21-6A-AE-C4-A7 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : quadriga.com Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet Physical Address. . . . . . . . . : B8-AC-6F-57-AD-03 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : prod.sunchemical.com Description . . . . . . . . . . . : Intel(R) WiFi Link 5300 AGN Physical Address. . . . . . . . . : 00-21-6A-AE-C4-A6 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.prod.sunchemical.com: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : prod.sunchemical.com Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.quadriga.com: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes C:\Users\Danny.Rich.PROD>TheColorMan
April 20th, 2011 5:02pm

Hi, Did the issue begin to occur after changing the password immediately? When you said that “If I plugin the network cable I am immediately connected to the network and have full access to all assigned resources…”, do you mean network sharing access? Please clarify it. Does the error only occur on one user account? You can also create a test user under the same OU\group as a test. Any progress? For further troubleshooting, please refer to the following suggestions: Suggestion 1: --------------------- Go to Active Directory Users and Computers, find the problematic Windows 7 computer, make sure this computer account is not disabled. Suggestion 2: --------------------- Check the following group policy setting, make sure it is correctly defined. Computer Configuration/Administrative Templates/Network/DNS Client/Primary DNS suffix Suggestion 3: --------------------- a. Start > Run > ADSIEDIT.MSC. Go to Domain Partition, find the Windows 7 computer b. Right click, choose Properties, double click servicePrincipalName c. Add value: HOST/computername, HOST/computername.domainname, if any other HOST is missing, please also add it. If the issue persists, please help gather the following files for research. Event log on problematic Windows 7 client ------------------ 1. Click "Start", input "eventvwr" in the Search box and press Enter. 2. Expand the "Windows Logs" node on the left pane, right-click on "Application" and click "Save All Events As"; in the pop-up window, click to choose the Desktop icon on the left frame, input "app" in the "File name" blank, and then click save. 3. Right click on "System", with the same method, save it as "sys". 4. Right click on "Security", with the same method, save it as "sec". 5. Locate the two saved log files on the Desktop and send them to us. Event log on Logonserver --------------------- 1. Open Command Prompt, type "set l" and press Enter. Then, we can see the logonserver. 2. Gather the event log with the above steps. GPMC log ------------- a. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console. b. Right click on "Group Policy Result" and choose wizard to generate a report for the Windows 7 problematic computer and user account. (Choose computer and select the proper user in the wizard) c. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file. Please locate the saved files for research. Upload these file to the following workspace. You can upload the information files to the following link. (Please choose "Send Files to Microsoft") Workspace URL: (https://sftus.one.microsoft.com/choosetransfer.aspx?key=ec6e0d7f-68b9-4467-8396-edeadbb9ef45) Password: A2AXdkR$+2Xc Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser. Meanwhile, please note that files uploaded for more than 72 hours will be deleted automatically. Please ensure to notify me timely after you have uploaded the files. Thank you for your understanding. Thanks. NinaPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2011 4:35am

1. The problem began at the next time that I attempted to logon to the domain, after changing my password. 2. I do not have access to the server utilities to examine users - I am not a network administrator and the current administrators refuse to support Windows 7 in their all XP network. However, if I do not connect the ethernet cable, I have no problem booting the computer. Then if I plug in the network cable, the domain recognizes my credentials and I am attached to domain. I have access to all of the features that I previously had. So DNS does not seem to be the problem here (unless DNS means something different than I am familiar with in an ethernet network). 3. I have uploaded the logs that you requested for APPLICATION, SECURITY, SYSTEM. I have some other tasks to do now and will get the logs from SetI later. TheColorMan
May 6th, 2011 8:55am

For us, it was the schema mod to our Win2003 domain to support Server 2008 R2 Domain Controllers. Increments the the KRBTGT account. We HAVE NOT, repeat have not, ever done an authoritative restore. All the other pieces of the article fit, though, including a nagging DCOM error from some 3rd party software on some of our servers (bottom of the support article below) All described here : http://support.microsoft.com/kb/939820. Applying the hotfix on the remaining Server 2003 DCs resolved it. This article talks about viewing the version of the KRBTGT account http://imav8n.wordpress.com/2007/12/19/replication-version-number-for-your-krbtgt-account-password/. It was actually the Org. Time/Date value that clicked with us - March 30th - exactly when we started to see these DCOM issues and "The security database on the server does not have a computer account for this workstation trust relationship" in our Terminal Services farm. JC
Free Windows Admin Tool Kit Click here and download it now
May 6th, 2011 12:14pm

The first reply that makes sense to me. I have asked our administrator to check this out.TheColorMan
May 6th, 2011 12:26pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics