I’ve seen a lot of solutions, or suggestions rather, with regard to the error in the title of this post. In my experience, the problem can almost always be resolved without extra domain add/removes and reboots, which is the most prevalent solution I have seen around. Usually, this issue is due to a mismatch between attributes of the computer account in Active Directory and those values on the system itself. Here are the steps I take to fix this issue when it crops up:
- Open up Active Directory Users & Computers pointed to the domain the computer account resides in
- From the “View” pull-down menu, make sure that “Advanced Features” is checked
- Navigate to the part of your organizational unit (OU) structure where the computer account for this server resides
- Open the Properties for the computer object
- Choose the “Attribute Editor” tab on the Properties dialog box
- Check the Attributes dNSHostName & servicePrincipalName – anywhere that a fully qualified hostname is specified (e.g. myserver.mydomainname.com), make sure that the entry matches the hostname you have configured when you go here on your server: Start -> Computer -> Right-Click, Properties -> Change Settings (under “Computer name, domain… settings”) -> Full Computer Name
As an example, for a fictitious W2K8 R2 server whose Full Computer Name is “srv1.mydomainname.com”, these attribute/value pairs should be in Active Directory:
dNSHostName:
srv1.mydomainname.com
servicePrincipalName:
HOST/SRV1
HOST/srv1.mydomainname.com
RestrictedKrbHost/SRV1
RestrictedKrbHost/srv1.mydomainname.com
TERMSRV/SRV1
TERMSRV/srv1.mydomainname.com
If you find that any of these entries is incorrect, go ahead and fix them; once they all align correctly try logging in again. After you make any changes, please remember that it may take up to a few minutes for those changes to replicate between all of the Active Directory domain controllers. Adjusting these values usually works to get me past the error without a reboot in our environment.
Notes from a Sysadmin 
Was missing the following entries for a machine that I dcpromo’d off the network and then tried to rejoin it to the domain:
TERMSRV/
SmtpSvc/
WSMAN/
ExchangeRFR/
Now I should at least be able to login again and deal with other problems that have likely popped up.
Thanks for the insight!
THIS SAVED ME A HEAPS OF TIME TO LOOK AROUND FOR A SOLUTION. Thank you very much.
Double check these items and i i have them but i still cannot log in.. host name is correct.. damn what wrong…
Leroy – if none of the above helps, then it may be necessary to unjoin, delete the account, recreate it, and rejoin.
Thanks for posting this. You’re a life saver.
Hello my family member! I wish to say that this article is amazing, great written and come with approximately all important infos. I would like to peer more posts like this .
Thank you so much that fixed my issue.
I was having the same problem but all the fields were blank now after making the changes I,m getting same message on my server and can,t log into it.
Nice post. Here’s a tutorial that shows how you can easily build an online database-driven web application with a parent-child table relationship, without codinghttp://blog.caspio.com/web-database/creating-one-to-many-relational-datapages/
Ok, so does CASE matter in these instances?
Example: cnwood-x10.cn-wood.local
versus: CNWOOD-X10.cn-wood.local
.. some values for my ServicePrincipalName on the Hypervisor server I can’t log into vary only in case.. I assumed since my DC’s are VM’s now inside this physical box that was why I couldn’t log in .. currently wiping an old poweredge to make it a physical DC.. (shrug) ..
Oh! yeah .. Instead of doing that .. u can get the computer out form the domain, and delete the computer account from that domain and get it joined again .. hope that will get it fixed.
So in A D Users and Computers I can just delete the computer itself and reboot the screwed up machine and rejoin it to the domain somehow?
does this apply to server 2003 aswell for the fix because i can not find the attibute editor tab
thanks
Danie
Danie,
run-adsiedit.exe
I had set a service principal name for a domain service account (for ADFS) to the host DNS name for a computer in my domain. Could no longer log into that computer until I logged onto the domain controller and removed the SPN from that account
Thank you very much it helped me a lot
hi
hi,
it is not working
i having problem also after set .. i cant loin to the server share folder..
access deny
when i \\server in the Domain svr , it is come out ..\\server is not accessible… how to solve this
can i join with same name
anyone know this error message ” a trust relationship between this workstation and the domain failed”
oh…finally done, delete, and rejoined server. : )
Hi,
How do u done this. I have the same problem. I’m not able to login to my server now.
My issue was I was migrating cifs to another server and I added a spn for the old server to the new server. I just needed to remove the old computer account from AD and I could log back in.
One of my domain terminals did´t log in. So after trying all kinds of tricks i´d decided to rip it off from the domain deleting it.
I created it again using the same name it had before, but it started saying: “The security database on the server does not have a computer account for this workstation trust relationship”
So i started searching for some answers and i had follow the steps shown above.
Now i have bigger troubles, because that message begun to apear on my domain controller, so i cant access it.
Is there any solution…….i´d created a new domain controller on the same domain on the same root.
Please Help!
This article really saved m life. With some more thinking and these hints I got my solution 🙂
The thing was that there existed a server with the name “server07”. This Server had ’cause of some special reasons an alias named “serverXY”.
Now the funktionaltity what caused the alias moved to an own server which should be named “serverXY”. The alias in DNS was deleted, the new Server was named to “serverXY” and the error occured.
The solution was, and that was only visible with the adsiedit, to delete the value “serverXY” in “servicePrincipalName” from the AD computer account of “server07”. This entry was created while creating the alias but wasn’t deleted when the alias was removed.
So…. thanks a lot!
delete the profile and also remove it from the registry..this will definetly work when disjoining domain has refused
sall excellent if you have half an idea what you are doing – but i CANNOT find half of this on my 2003! please post pictures or better yet a video?! i am desperate! “Navigate to the part of your organizational unit (OU) structure where the computer account for this server resides” WHAT?!?! you are helping the needy, please understand if we were pro’s we wouldnt need the help
Had the same problem connecting a windows 7 laptop to windows 2003 domain. The three changes below
dNSHostName:
srv1.mydomainname.com
servicePrincipalName:
HOST/SRV1
HOST/srv1.mydomainname.com
sorted the problem out. THANKS !!!!!!
Though I had to remember our domain is .loc not .com….watch out for that one
I had big problems trying this. For some reason as soon as I logged off the server and tried to log into the SERVER again. It gave me this same error on the server…ahhhhh! Now I can’t login 😦 I’ve left it on so people can still get to the resources but why oh why can’t i get into the domain admin account!?
me too pls help
had this happen on a dc today out of the blue. our mail gateway does ldap lookups to check for valid recipients and it suddenly started failing. nobody ever touches the dc unless there is a good reason, so it was very puzzling. i checked the spn and dns entries in the attributes and all of them were present.
guess what fixed it? reboot. :-\ i hate problems that just appear out of thin air and then disappear like that.
Thanks Curtis! Your blog entry was the starting point to restore a troubled VM’s Domain account without rebooting.
I had to combine your notes with a setspn MS TechNet article since my servicePrincipalName entry was completely gone!
in any case. Thanks for saving me from a pointless reboot and annoying user outages.
Excellent!!! fix the issue and saved lot of time looking around….
I couldn’t even find the computer account for my server, I added it manually but now I can’t see any attribute editor tab. I’m working on windows server 2003.
I would add again the host to the domain, the problem is that I don’t have the local admin password for it so I cant even logon locally 😦
Any suggestions?
[…] knowledge: [1], [2], […]
[…] https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-… […]
Thank you very much!
This really saved ma time, thnx
Thanks ,really usefull information and it solved my problem
The next step is the 2-3 tablespoons of the decalcifying vinegar in the boiling chamber.
This episode introduces three people who are embracing creative solutions to the looming shortage of
drinking water – be it desalinating the ocean, catching rainwater or cleaning
up our rivers. First, why should I buy a product to put something into my body when I could have just as easy left it in
by filtering my water instead of using a pure water
distiller.
I’ve been having trouble with trust relationship between DC and a workstation named LOC07-07. I have left and rejoined the domain several times and have also deleted and recreated computer object in AD.
By way of history, a while back I moved the original machine named LOC07-07 to a different office and renamed it to LOC09-05. Later, I added a new machine name LOC07-07 to the domain. Using the tips from this blog, I just found that the SPN for LOC09-05 is still LOC07-07. Of course, this is wrong, but could this be the root cause of my problems?
Is best next step to unjoin LOC09-05, delete the computer account in the AD, and rejoin?
.
Thank you. Your solution worked! Saved me much time. Great post!
[…] I found fixes for the error here and here, hope they […]
I love this article, saved my life 🙂
I am sure this piece of writing has touched all the internet users, its
really really pleasant piece of writing on building
up new web site.
WOW just what I was looking for. Came here by searching for repair a pdf
+500! Since I’m still learning Win 2008 server and running a small home network environment; I was just about to give up and re-install the OS. Thank you greatly for saving me that ordeal!
Same content found here https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship/
Heya i’m for the primary time here. I found this board and I find It truly useful & it helped me out much. I’m hoping
to provide one thing back and aid others such as
you aided me.
I can log in to my VM again.
Thank you!
Good blog! I really love how its easy to browse. I’m curious how I could be notified when a new article has been created. I’ve subscribed to your RSS which should do!
Have a nice day and plz excuse my poor english!
It worked ! Thank you
[…] https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-… […]
Yes, Thanks a lot The action on both attributes was the solution for my problem.
Lorena J.
I just had this situation happen to me, we had a contractor who made a VM template from our File server – but did not rename the server. I deployed a VM from the template and booted up and to my horror seen what he had done. My file shares are still accessible thankfully, and I can log onto the server – what I am going to do out of hours is repair it, as this is my file server, I cannot lose the ACL’s – so I am going to rename it on the domain – then rename it back to what it was. Does anyone know if this will work?
By cashing in on an online resource which supports
a Peru vacation you will be able to find out the many destinations that may appeal to you
or your vacationing group. A short canoe ride down the river
will bring our guests to a unique opportunity within the Bahuaja-Sonene National Park.
Be aware that it is a very popular vacation spot and you will be
waiting in a lot of lines all day, it is a pretty steep
entrance fee and you should be willing to deal out the bucks in order
to see these amazing ruins. My culture considers making others wait
for one disrespectful and reprehensible, I try very, and very hard
never to be late for any appointment I have made and do not like
to be kept waiting. Doubtless best known for its wealth of trekking routes,
not least the Inca Trail, Visitors to Peru are also blessed
with many other opportunities for adventure, including in one of the most challenging of all
Earth’s environments; the jungle. Good Travel Value
– Low Mileage Cash in for Frequent Flyer Rewards Peru is in South America,
an eight hour flight from Los Angeles.
I renamed the only domain controller on the network, and got the dreaded “The security database on the server does not have a computer account for this workstation trust relationship.” This is a Windows Server 2012 machine. After opening up a case with Microsoft, it seems the domain controller got renamed locally (in the registry), but did not successfully update the directory. So AD had no idea who the domain controller was that was hosting AD. Here is the fix.
Start the domain controller in AD Services Restore Mode via F8 at boot.
Change the computer name in the following 4 registry keys back to the OLD computer name, before you did the name change:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName “OLDSERVERNAME”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName “OLDSERVERNAME”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “Hostname”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “NVHostname”
Change the “Hostname” and “NVHostname” values to OLDSERVERNAME and restart the server it should now restart with the name OLDSERVERNAME and it should be functional as a domain controller
Hope this helps someone in dire need! nick -at- aryfi dot com.
thankyou .. it worked for me
[…] Courtesy of: https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-… […]
Superb blog! Do you have any recommendations for aspiring writers?
I’m hoping to start my own website soon but I’m a little lost on everything.
Would you propose starting with a free platform like
Wordpress or go for a paid option? There are so many options out there that
I’m completely overwhelmed .. Any suggestions?
Kudos!
I tried all this, but no joy – I still get the “no trust relationship … blah blah”. This is a virtual machine (Hyper-V), to which no-one seems to have local account information… An existing VM got copied & renamed, resulting in this irritating issue. Any more ideas?
Cause
The DCs Service Principle Name (SPN) has been duplicated and now exists as an attribute on both the DC as well as some other user or computer.
Back to the top | Give Feedback
Collapse imageResolution
Locate the duplicate SPN and remove it. This value can be found with SETSPN.EXE or LDIFDE.EXE. In this example the duplicate name is “2008r2spn-02”
setspn.exe -x
setspn.exe -q 2008r2spn-02*
ldifde.exe -f spn.txt -d -l serviceprincipalname -r “(serviceprincipalname=*2008r2spn-02*)” -p subtree
Go to –> administrative tool —> Active Directory Users and Computers —> under Computer/Computers, remove the duplicate SPN.
Simply changing the computer’s name often does the trick.
Excellent, what a website it is! This blog presents useful information to us, keep it up.
Wouldn’t be just in Win7, you just need to go to advance sharing and enable the network discover for the domain?
To be honest I still learning here. My issue started when I applied new policies to the domain and then tried to pull them from the DC. I kept getting an error stating that it was not able to authenticate the computer. I played around with it trying different things to get it to update using gpupdate /force but it would not. I am not sure how I got to the next issue I am currently dealing with right now which is I get the message upon attempting to login “The Security database on the server does not have a computer account for this workstation trust relationship”.
I am not sure what I did to have this happen, but I have tried to disjoin from the domain and rejoin the domain several times and I have not been successful with getting past this error. Lack of knowledge on my part I am sure is also to blame here. I have been poking around on the web to see if I can find information about this issue and what to do to fix it. It is drving me nuts because it is recgonized in DNS I can ping from the DC and the client they can talk but it just will not allow me to log in with my domain accounts. Anyway I appreciate the info from this blog and I will carry on in hopes that I will figure this out.
Thanks for the information. This has worked for me and allowed me to logon. But I’m after some more information and background. The computer in question sits behind a firewall on a separate subnet. The firewall permits the domain traffic in a test environment. This has allowed me to do some rebuilding and testing of the domain.
I’ve got two new domain controllers, and two member servers, one on the same subnet as the DC’s the other behind the firewall. The server on the same subnet joins the domain fine, yet every time the server behind the firewall seems to join the domain but does not allow the domain users to authenticate.
If I update the dNSHostName and servicePrincipalName as described above, it works fine.
So – why would one computer always not populate the attributes?
Jason
Good day! Do you know if they make any plugins to protect against hackers?
I’m kinda paranoid about losing everything I’ve worked
hard on. Any suggestions?
This website was… how do you say it? Relevant!! Finally
I have found something which helped me. Thank you!
I’m extremely impressed with your writing skills as well
as with the layout on your weblog. Is this a paid theme
or did you modify it yourself? Either way keep up the nice quality writing, it’s rare
to see a nice blog like this one today.
want to say a very big thanks and appreciation to DR fadeyi for bringing back my husband who left me and kids for almost 2 years within the space of five days after following all instruction given to me. i am very much grateful for restoring peace in my marital home’ i pray God almighty give you the strength and wisdom to help more people having similar problem like mine. for help you can
CONTACT HIM on this email :DOCTORFADEYITEMPLEOFSPELL@GMAIL.COM
You’ve left your kids leave your car. In way yellow
pages or go for better quality locks in old days
locksmiths would actually spend hours making the decision a few options service to protect your family and your family at risk.
Sometimes art is not strong enough. They’ve got to look for
before hiring? Cooling centers service will be on the floor plan and
advice can be sorted out who could stay.
Great delivery. Sound arguments. Keepp up the great work.
What’s up, yeah this article is really pleasant and
I have learned lot of things from it concerning blogging.
thanks.
FYI, I had this same error show up after joining a new server to a domain\renaming the server… after the reboot, I couldn’t log in… with the domain or local credentials.
My fix was just shutting down the new server and restarting, and then the login credentials worked and the error did not appear.
[…] even removed the computers from Active Directory but still got same message so then I tried this: https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-… only changing the servicePrincipleName to HOSTserver01 and HOSTserver01.smc.local and I got the […]
What’s up, I check your blogs regularly. Your writing
style is witty, keep up the good work!
you’re really a just right webmaster. The site loading
velocity is amazing. It kind of feels that you’re doing any distinctive trick.
In addition, The contents are masterwork. you have done a excellent activity
in this matter!
Hello just wanted to give you a quiick heads up.
The tet in your post seem to be running off tthe screen in Safari.
I’m not sure if this is a formatting issue or smething
to do with web browser compatibility buut I figured I’d post to let you know.
Thee design aand style look grezt though! Hope you
get the problem resolved soon. Thanks
Does anyone have the problem solved in a Windows Server 2003 with the domain controller replication in a windows server 2012 standard?
Want to contribute since this was a huge help. I used a source image in Amazon EC2 to create several machines. One of them was stuck with this issue. the info above for the offending computer was correct. -However- looking at other machines that I had used to replicate, they had conflicting info. Cleaning up the other machines sorted out the machine having a problem.
Thank you so much!
First of all, Am just short of words I don’t know what to say, am so grateful oghenerospelltemple to for what he has done for me. At first I thought he was a scam like two others that I worked with, but I just decided to contact him then he told me that my lover will be back home within 72 hours. When the 72 hours completed my husband called me and said he was sorry for the frequent argument and fight, I was so happy that my husband who left me for over 2 years called me. Now we are together he can’t do without me, he always wants me to be by his side and he just bough me a new car. If you want to contact him for help, his email is droghenerospelltemple
I got this web page from my pal who told me concerning this web page
and now this time I am browsing this site and reading very informative posts at this time.
[…] next solution I came across suggested using ADSI Edit to check the dNSHostName and servicePrincipalName […]
Just some extra info: You can change AD so it doesn’t expire computers off the network – not adviced from a security point of view. Also there’s an option to increase the amount of time it takes to expire them off.
try fashion human
FIX: The security database on the server does not have a computer account for this workstation trust relationship | Notes from a Sysadmin
That was a cool tip that saved my day.. Thanks a lot for sharing
Worked a treat for me. thanks!
I got this website from my friend who informed me concerning this
website and at the moment this time I am browsing this
web page and reading very informative articles here.
Thanks for one’s marvelous posting! I truly enjoyed reading it, you can be a great author.
I will remember to bookmark your blog and will
often come back down the road. I want to encourage that you continue your great job, have a
nice afternoon!
Rejoining the domain (after an exit) is a sure shot solution for this problem
@Curtis::: this issue is coming in one of our Domain Controller . please advise what should i do .
@Curtis::: and the domain Controller is in Remote location we dont have physical access to that . please do the needful.
thanks in Advance .
DUUUDE! Your fix saved my frigg’n life! Way …WAY too cool
magnificent submit, very informative. I wonder why the opposite specialists
of this sector don’t notice this. You must continue your writing.
I am sure, you have a great readers’ base already!
I had this problem on a client in the domän and the problem was solved by edition The dnashostname. BUT äter this, and some Windows updates on the server The exactly same problem is now on the server. I cant login to the server with The admin account.
Login to Server from local Account and in CMD type below command .
netdom.exe resetpwd /s:PDC NAME /ud:DOMAIN\ADMINISTRATOR /pd:*
enter your pdc name and domain\admin account.
Thx for your answer.
Ill give you som more info.
Servername is SJOADM
Domainname is SJOSTROM.LOCAL
I cant login local, exept from Safe Mode with:
SJOSTROM\Administrator
Not with SJOADM\Administrator
When Im trying to log in from normal boot with SJOSTROM.LOCAL\Administrator I get:
The security database on the server does not have a computer account for this workstation.
With: SJOADM\ADMINISTRATOR I get:
Wrong user or password but i know i have the right one.
SJOADM\ADMINISTRATOR is the only option with you because it is the local admin account if it is “Member server” .
please also confirm it is not Domain controller ?
@Imran :
if it member server you can run any password Recovery to reset admin password .
It’s a domain controller.
I managed to get into DSRM.
Where all serverroles fails. (DNS, DCHP, AD)
When I try to start them it just says that “The Server Is Not Operational”
In normal boot, those server roles “works”, with errors tho.
Fortunately, It’s a small company that has this server so I’ll spare the headache and just do a clean reinstall of the server.
if it is domain controller you can login to that by stopping the kerberos service from accessing its services through another PC or server .
in your PC right click go to manage and right click computer management and connect to another computer . from here stop kerberos service and then you can login to Domain controller from admin account with domain name .
after you login start the kerboros and reset the secure channel .
What… 5 years later and this one just did the trick for one of our 2008 web servers. Thanks!
EXCELLENT ARTICLE! I had to use ADSI Edit but it worked great. Too many amateurs out there say to just switch back to workgroup and rejoin domain. That’s easier said than done! Thanks for an elegant and useful solution, and also good background knowledge on AD.
[…] virtualcurtis‘ blog, the workaround is to fix two AD computer account attributes: dNSHostName and […]
I see some post that even after trying this post and rejoin the domain with deleting the object still face the issue.
To resolve the issue we need to see if any duplicate SPN is there.
hence run the setspn -x command to find the duplicate spn if you find any for the computer which are not able to login , remove the duplicate spn by running setpn -d host/fqnd account name . this resolved my problem
Thank you for the article! You helped me very much!
VMware Certified Advanced Professional 6 (Desktop and Mobility Deployment) – The industry-recognized VCAP6-DTM Deploy certification validates that you know how to deploy and optimize VMware Horizon 6 (with View) environments. It proves that you have the understanding and abilities required to leverage best practices to provide a scalable and dependable Business Mobility platform for your business. Some of the topics include: Configuring and managing Horizon View components, configuring cloud pod archituecture, configuring Group Policy settings related to Horizon View, Configuring and optimizing desktop images for Horizon View & Mirage, Configuring and managing App Volumes AppStacks, Configuring desktop pools, Configuring and deploying ThinApp packaged applications, Configuring VMWare Identity Manager, etc.Sebastian’s take on the VCAP6 examination: “In my personal viewpoint VCAP6 exam is way better experience in comparison with VCAP5, the new exam looks exactly like VMware HOL. The screen is a breeze, questions are sorted on the right side of the screen, and can be hidden aside or even restored when wanted. My advise on the questions windowpane: if you choose to make it floating, you must know how to restore it back. I ended up shifting it all around simply because I forget about how to restore it back. The two arrows that appeared to be control buttons on the top were used to dock the window to right of left. Fonts can be resized, which i believe was a lot better than scrolling down and up the question. The reaction speed of the entire interface was so considerably quicker in comparison with VCAP5.5, and there wasn’t any lagging period experienced when changing from window to window. One thing to remember: BACKSPACE key is not working! I believe it is good since you don’t reload your exam window in error, but, it could be irritating at times when you type something mistakenly and you need to select and press Del to remove. The Desktop and shortcuts were sorted very well, and all required applications like browser or Mirage console can be launched. You will find there’s decent interface for Remote Desktop Manager and you’ll discover all essential RDP connection to servers or desktops without having to type username and password. The web browser had all the links in the Favorite Bar. Right at that moment I am writing this, there is no additional Thirty minute extension for Non-Native English speaker at No-Native English country, which is actually a bummer. There are thirty-nine question to fill out within the 3 hours time period, and this can be actually really hard for non-native English speakers like me. A number of questions take time to complete, so it is best to neglect the questions that you can’t respond to, and finish those you can. At the end of the 39 questions, you are able to resume the uncompleted questions if you happen to still have time. Don’t squander a long time on one single question! The examination blue print are available on my blog site at Szumigalski.com. It is well-organized and following it for the examination preparation will be helpful to a lot. Surely, the most suitable is if you’ll have numerous practical experience! I’m in fact very happy with the exam experience, though I passed this time by tiny margin, but I really know what I missed for the exam, learn from the blunders and practice harder to get familiar myself with the environment. This certification will clearly open up your career prospects!”
the fastest way is to disconnect and re-join the workstation to the Active DIrectory.
This worked for me. Thanks so much for the clear step by step instructions.
website
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
Thanks – we had a situation where we tried to P2V a server, services failed to start on the new VM, so we renamed the VM and used it to fix the problem, while keeping the original server in production.
Fixed the service issue, deleted test VM, went to re-virtualise… Original machine could not be logged into due to trust issues.
Could not log in through local account, with same errors.
Seems AD had updated it’s record of the computer with the newly renamed, and since deleted VM.
Adding the original SPNs to the attributes of the newly named entity in ADUC allowed us access to the original machine again!
+1 for the suggestion.
[…] https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have… […]
Your style is very unique compared to other people I’ve read stuff from.
I appreciate you for posting when you’ve got the opportunity, Guess I’ll just bookmark this web site.
This worked for me. Thank you very much. Good share.
I wanted a better fix than having to travel to someone’s office to take the pc off the domain and put it back on. As I was navigating to do what you said, I actually found another fix. I clicked on AD Computers, clicked on employees where it listed all employee computer names. I noticed that the pc in question was disabled (indicated by a down arrow) . I right-clicked and choose enable account and that did the trick. Thank you for your help.
[…] https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have… […]
The information in this post worked for me. Many thanks!!
Chasing this issue since last night. This was a LIFESAVER. The DNS name was duplicated in the attributes on a different machine. Resolved that and all was good.
Thanks
7 years later, and it worked for me 🙂
[…] https://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have… […]
Thanks, thanks, 8 years later, 2016 AD DS Server went viral and got stuck after cloning , this solved the issue, I was planning a reinstall, you saved my day.
recent post by Zjstxbwg.com
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
Thank you, cloned a physical machine to VM, renamed the VM and it knocked the physical machine out.
Manually created entrys with information here for the physical machine.
Then also ran setspn -R Serverhost.domain.local
After a restart the message “The security database on the server does not have a computer account for this workstation trust relationship” Wasn’t present but i got a new message about the domain controller not trusting.
Logged into local account and via power shell.
$credential = Get-Credential – (enter domain admin account when prompted)
Reset-ComputerMachinePassword -Server Domaincontrollerhere
Was able to log in again, hope this helps someone!
Major Energy Transition
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
unconditional love
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
Masterful Thinking
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
Tronsr.Org
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
[…] The main Problem is, that one of the Domain Members has started to issue the error “The security database on the server does not have a computer account for this workstation trust relationship” upon logon (again around 2 months ago). Initially I’ve resolved this by disjoining and the rejoining the Workstation, but as this error came more than once, I’ve tried then the solution mentioned here. […]
[…] If you have access to AD through some way, try the steps in this article. […]
[…] I found fixes for the error here and here, hope they […]
[…] FIX: “The security database on the server does not have a computer account for this workstatio… […]
dedicated windows server
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
dedicated server ukraine
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
successful life Coach
FIX: “The security database on the server does not have a computer account for this workstation trust relationship” | Notes from a Sysadmin
Thanks for this wonderful content…
But If you’re delving into the fruit niche, this link is a must-visit: https://www.nourishwithfruit.com/how-do-you-soften-an-avocado-in-2-minutes/. It’s a game-changer for anyone looking to quickly ripen avocados.