The security database on the server does not have a computer account for this workstation trust relationship

On a computer running Windows 7, when I try to log on to this PC using a domain user account (or even a domain administrator account), the following error appears:

The security database on the server does not have a computer account for this workstation trust relationship.

What is the "The security database on the server does not have a computer account for this workstation" problem?

You can log on to the machine only with a local account (if you disconnect the network cable, you can also log on with a domain account that has previously been used on this PC, because its credentials are stored in the PC's cache as cached credentials).

There are several methods on the Internet for dealing with this error, and different ones help in different cases. I will list these methods in order of increasing complexity of implementation:

1) Remove this PC from the domain, and then rejoin it to the domain

2) Delete the computer account in the domain and join the PC to the domain again

3) A computer account may not have an SPN (Service Principal Name) record. This entry is stored in the Active Directory attribute named servicePrincipalName. In this case, computer properties in the ADSIEdit window may look like this.

In this case, you need to add two SPN records to the specified attribute in the format:


4) It is also possible that this error occurs when another computer in the domain has an entry with the name of your problem computer in its servicePrincipalName attribute.

For example, the servicePrincipalName attribute of a computer named DACZC561232 contains a value with the name of your problem computer:

dn: CN=DACZC561232,CN=Computers,DC=winitpro,DC=en
changetype: add
servicePrincipalName: HOST/DACZC561232
servicePrincipalName: HOST/ProblemPKName.test.local

To find the computer that causes the conflict, use the command:

ldifde -f C:\SPNList.txt -d "DC=winitpro,DC=en" -l serviceprincipalname -r "(serviceprincipalname=*)"

As a result, the SPNList.txt file will contain the list of servicePrincipalName values for all computers in the domain, among which you will have to find the duplicate. The account of the duplicate computer will then have to be deleted.
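
Searching SPNList.txt by eye is error-prone in a large domain. The following is an added example, not part of the original article: it parses ldifde output and reports every SPN value registered on more than one object. The sample records are constructed and reuse the names from the article, and the function names are hypothetical.

```python
import base64
from collections import defaultdict

# Constructed sample in the shape of an ldifde export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=DACZC561232,CN=Computers,DC=winitpro,DC=en
changetype: add
servicePrincipalName: HOST/DACZC561232
servicePrincipalName: HOST/ProblemPKName.test.local

dn: CN=ProblemPKName,CN=Computers,DC=winitpro,DC=en
changetype: add
servicePrincipalName: HOST/ProblemPKName
servicePrincipalName: host/problempkname.test
 .local
"""

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def value_of(line):
    """Return the value of 'attr: value' or of base64-encoded 'attr:: value'."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()

def duplicate_spns(text):
    """Map each SPN (lower-cased, SPNs are case-insensitive) to the DNs sharing it."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(text):
        key = line.split(":", 1)[0].lower()
        if key == "dn":
            dn = value_of(line)
        elif key == "serviceprincipalname" and dn:
            owners[value_of(line).lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    # For a real export, read C:\SPNList.txt with the encoding ldifde wrote it in.
    for spn, dns in duplicate_spns(SAMPLE_LDIF).items():
        print(spn, "->", "; ".join(dns))
```

Each reported SPN is followed by the distinguished names of all objects that hold it, so the conflicting computer account can be identified directly.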

