
How to fix the "The security database on the server does not have a computer account for this workstation trust relationship" error in Windows server


After starting a computer running Windows 7, when I try to log on to this PC using a domain user account (or even a domain administrator account), an error appears:

The security database on the server does not have a computer account for this workstation trust relationship.

What is the "The security database on the server does not have a computer account for this workstation" problem?

It is possible to log on to the machine only with a local account (if you disconnect the network cable, you can also log on with a domain account that previously worked on this PC, because its credentials are stored in the PC's cache as cached credentials).

Several methods of dealing with this error are described on the Internet, and different ones help in different cases. I will list these methods in order of increasing complexity of implementation:

1) Remove this PC from the domain, and then rejoin it to the domain

2) Delete the computer account in the domain and join the PC to the domain again

3) The computer account may not have an SPN (Service Principal Name) record. This entry is stored in the Active Directory attribute named servicePrincipalName. In this case, the computer properties in the ADSIEdit window may look like this.


In this case, you need to add two SPN records to the specified attribute in the format:

HOST/COMPUTERNAME
HOST/COMPUTERNAME.test.local

 

4) This error can also occur if another computer in the domain has an entry with the name of your problem computer in its servicePrincipalName attribute.

For example, for a computer named DACZC561232, the servicePrincipalName attribute contains a value with the name of your computer:

dn: CN=DACZC561232,CN=Computers,DC=compspice,DC=en
changetype: add
servicePrincipalName: HOST/DACZC561232
servicePrincipalName: HOST/ProblemPKName.test.local

To find the computer that causes the conflict, use the command:

ldifde -f C:\SPNList.txt -d "DC=winitpro,DC=en" -l serviceprincipalname -r "(serviceprincipalname=*)"

As a result, the SPNList.txt file will contain the list of servicePrincipalName values for all computers in the domain, among which you will have to find the duplicate. The account of the duplicate computer will then have to be deleted.
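Searching the export by eye is error-prone, so here is one way to find the duplicate automatically. This is an added example, not part of the original article: it parses LDIF text such as the contents of SPNList.txt and reports every SPN that is registered on more than one object. The sample input and the names in it (PC-A, PC-B, example.test) are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample of ldifde output (hypothetical names, not a real domain).
SAMPLE_LDIF = """\
dn: CN=PC-A,CN=Computers,DC=example,DC=test
changetype: add
servicePrincipalName: HOST/PC-A
servicePrincipalName: HOST/PC-A.example.test

dn: CN=PC-B,CN=Computers,DC=example,DC=test
changetype: add
servicePrincipalName: HOST/PC-B
servicePrincipalName: host/pc-a.exam
 ple.test
"""

def parse_spns(ldif_text):
    """Yield (dn, spn) pairs from LDIF text, unfolding wrapped lines."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            continue                      # blank line or malformed entry
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "serviceprincipalname" and dn:
            yield dn, value

def find_duplicate_spns(ldif_text):
    """Return {lowercased SPN: sorted DNs} for SPNs held by more than one object."""
    owners = defaultdict(set)
    for dn, spn in parse_spns(ldif_text):
        owners[spn.lower()].add(dn)       # SPNs are compared case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(SAMPLE_LDIF).items():
        print(spn, "->", "; ".join(dns))
```

To run it against a real export, read SPNList.txt into a string using the encoding the file was written in and pass that string to find_duplicate_spns.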
