The security database on the server does not have a computer account for this workstation trust relationship


You may have come across the error “The security database on the server does not have a computer account for this workstation trust relationship”. Most of the time I have seen it when a machine has been turned off for a very extended period; when it is powered on again and the user tries to log in, the workstation trust relationship error appears. One of the easiest fixes is to rejoin the computer to the domain, which requires joining the computer account back to the domain and a reboot. This solution works most of the time, but I have come across many instances where the domain rejoin didn’t fix the issue. So why do we see this error? It is caused by a mismatch between the attributes of the computer account in Active Directory and the corresponding values on the system itself.


If you plan to fix this error by rejoining the computer to the domain, follow these steps:

1) First unjoin the computer from the domain. Before you do, make sure you have set a local administrator password on the machine, or set a password for a user account that is a member of the local Administrators group, so that you can still log on once the machine has left the domain.

2) Reboot the machine.

3) On the domain controller, go to Active Directory Users and Computers and delete the computer account.

4) Wait a few minutes. It may take that long for the change to replicate between all of the Active Directory domain controllers.

5) Rejoin the machine to the domain.

 

If the above method doesn’t fix the issue, try the steps below.

Suppose that your computer name is WIN7.PRAJWAL.LOCAL. Open Active Directory Users and Computers, locate the computer object, right-click it and click Attribute Editor. You should see the following attribute values in the attribute list.

dNSHostName: WIN7.PRAJWAL.LOCAL

servicePrincipalName:

HOST/WIN7
HOST/WIN7.PRAJWAL.LOCAL
RestrictedKrbHost/WIN7
RestrictedKrbHost/WIN7.PRAJWAL.LOCAL

If any of these entries is incorrect for your computer object, change it to the correct value. Once the entries are fixed, you should be able to log in. Remember that after you make a change it may take up to a few minutes to replicate between all of the Active Directory domain controllers. This method works fine and does not need a reboot of the machine.
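The attribute comparison described above can be scripted when more than a handful of computer objects need checking. The following is an added example, not code from the original post: the function name `Test-ComputerAccountAttributes` and its parameters are hypothetical, the sample values (including the old name OLDPC) are constructed, and the function only reports mismatches without changing anything in the directory.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Test-ComputerAccountAttributes {
    param(
        [Parameter(Mandatory)][string] $ComputerName,   # short name, e.g. WIN7
        [Parameter(Mandatory)][string] $DnsDomain,      # e.g. PRAJWAL.LOCAL
        [string]   $DnsHostName,                        # dNSHostName as read from AD
        [string[]] $ServicePrincipalName = @()          # servicePrincipalName as read from AD
    )
    $fqdn = "$ComputerName.$DnsDomain"
    $expectedSpns = @(
        "HOST/$ComputerName"
        "HOST/$fqdn"
        "RestrictedKrbHost/$ComputerName"
        "RestrictedKrbHost/$fqdn"
    )
    $findings = @()
    # String comparisons here are case-insensitive (PowerShell default).
    if ($DnsHostName -ne $fqdn) {
        $findings += "dNSHostName is '$DnsHostName', expected '$fqdn'"
    }
    foreach ($spn in $expectedSpns) {
        if ($ServicePrincipalName -notcontains $spn) {
            $findings += "missing servicePrincipalName '$spn'"
        }
    }
    # HOST/RestrictedKrbHost entries that point at a different name are reported too.
    foreach ($spn in $ServicePrincipalName) {
        if ($spn -match '^(HOST|RestrictedKrbHost)/' -and $expectedSpns -notcontains $spn) {
            $findings += "unexpected servicePrincipalName '$spn'"
        }
    }
    $findings
}

# Constructed sample: the object still carries values from an earlier name (OLDPC).
$sample = @{
    ComputerName         = 'WIN7'
    DnsDomain            = 'PRAJWAL.LOCAL'
    DnsHostName          = 'OLDPC.PRAJWAL.LOCAL'
    ServicePrincipalName = 'HOST/WIN7', 'HOST/OLDPC.PRAJWAL.LOCAL',
                           'RestrictedKrbHost/WIN7', 'RestrictedKrbHost/WIN7.PRAJWAL.LOCAL'
}
Test-ComputerAccountAttributes @sample

# Against a live domain (requires the ActiveDirectory module):
# $c = Get-ADComputer -Identity WIN7 -Properties dNSHostName, servicePrincipalName
# Test-ComputerAccountAttributes -ComputerName $c.Name -DnsDomain 'PRAJWAL.LOCAL' `
#     -DnsHostName $c.DNSHostName -ServicePrincipalName @($c.servicePrincipalName)
```

An empty result means the four expected SPNs and the dNSHostName all match the computer name; any returned line names the attribute to correct in the Attribute Editor.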


  • Fanatoli Guyoff

    There’s got to be a better way. Came back from over the weekend and about 45 of the 300 computers are saying this. Rejoining 45 to the domain is not something I wanted to spend my week doing. Haven’t had this error in the 5 years since I set up the server / client computers at this location.