Help! Dc Says Security Db Doesn't Have Account For This Computer

[SailingNut]

OK,

 

I've had this problem with a couple of workstations in the domain before. With them I just un-joined the domain and re-joined the domain and presto, fixed! Well I had the same problem on another workstation where I didn't want to loose all of the local user account settings so I began searching on the Internet and found the following solution. One difference is that my problem is with a workstation. (I DID edit the workstation record NOT the server.) After doing that I applied a few updates that were available for the server and rebooted. Well now when I TRY to log into the server I'm getting the error paraphrased in the title. The full error is: "The security database on the server does not have a computer account for this workstation trust relationship."

 

I'm not completely shut out of my server! Any ideas?

 

Oh, I should mention that I'm pretty much a hack when it comes to server administration. This is a domain in my home with 5 client machines.

 

TIA!

[ICTCity]

Hi,

 

I can remember this problem, it SEEMS to be a problem related to DNS suffix.

 

Try this: (taken from here: http://social.technet.microsoft.com/Forums/en/itprovistanetworking/thread/31905c1a-5c25-4426-ac8d-677004c21f5d)

 

Computer to computer properties

 

Select the Tab which allows you to change the computer Name.

 

Ensure the computer name domain and suffix are in sync with the Domain (name).

 

Good Example>

 

Full Computer Name: DougLubeyComputerName.mydomain.com

 

Domain: mydomain.com

 

 

 

BAD example> (WHICH WILL CAUSE THE ERROR after upgrading to Windows vista SP1)

 

Full Computer Name: DougLubeyComputerName.mydomain

 

Domain: mydomain.com

 

 

 

Bad example is missing the ".com" after the "mydomain".

 

to note: the old style/old procedure on our network was to use the bad example becuase our computers would

 

not properly join the domain if we used the fully qualified domain name "mydomain.com". We had to use just

 

"mydomain" for the computer name, while full qualified domain name was automatically picked up whether or not

 

we entered "mydomain.com" or just "mydomain".

[SailingNut]

Unfortunately, I had already tried the suggestion that you gave here and it did not work.I then moved on to the suggestion in the link I posted and that's when trouble struck big time!

 

My big problem is that the server is doing that when I attempt to log in! It's really odd because I did not make any changes to the server account! I only edited the workstation account for the PC having the problem. So, I'm not sure if it is a problem with an update that I applied or what.

 

Luckily I have been running nightly full backups on the server so I should be able to restore to that. I just hope I can get into the restore console to do that. (I disabled the local machine administrator account for "security" reasons. Just like most pleaces advise you to do.)

 

I'm wondering if all of this is related to my botched server upgrade process that ICTCity helped me through a while back.

[ICTCity]

The problem occurs after the SP1, that's what MS says.

 

The server has no problem, or better, is not the guilty for this problem.

 

Can you login locally on the workstation, copy profiles and rejoin domain and finally re-copy all the profiles?

[SailingNut]

That may be possible, but the biggest thing is that when I try to locally log into the SERVER it gives me the same error! So I have one workstation that is a member of the domain that has the problem AND the server has the problem. That is the oddest thing to my, why would the server be messed up.

 

I should be clear, the server that I speak of is the only domain controler in the network. So it is not like I have a member server that is behaving badly and can't authenticate with the DC. The DC says it can't authenticate with itself!

[ICTCity]

Remembering what happened with your DC, you should backup your AD's users and set up another DC with the same domain name and same IP. Once it is UP and running, detach the old one.

 

Actually the only solution for that problem seems to be to un-join and re-join, same thing for the server but... well, removing a single DC from itself sounds a bit painful...

[SailingNut]

Luckily for me, I have been running a full backup every night, so I restored to that and the server is back in order.

 

On the workstation side, I'm probably just going to re-load it with Windows 7. (it currently has Vista.)

 

However, there is one more workstations that could possibly be hit with this. So, could you point me to a good resource for how to copy profiles and restore them? I need the "for dummies" version! -)

 

Thanks!

[ICTCity]

Well, I did it one time and I simply copied all the folders. But I had to restore only desktop and documents folder...it should be ok for you too

[ICTCity]

Uh you could also redirect all the profiles to a NAS. So you don't care about workstation. It is a policy :)

[SailingNut]

Was just thinking that maybe Windows Easy Transfer might work? What do you think? The next big thing would be exactly what settings, etc. Do I need to have Easy Transfer backup & restore.

 

Sounds like some homework for me!

[ICTCity]

You could test things with virtual machine. For me, you can save everything and then restore just the desktop and docs folder, if user needs other, you can easily restore the rest.

 

Never tried easy transfer, sorry