Problem
Users may receive the following error when attempting to log on to an Active Directory domain-joined machine:
The Security database on the server does not have a computer account for this workstation trust relationship
Fix/Solution
This error usually occurs when the problematic computer object in AD is disabled or deleted. If you have the required admin access, you can either disjoin and rejoin the computer, or reset the problematic computer object in AD.
Also check whether the local machine's time is synced with the DC server.
If you can't resolve the issue using the methods above, follow the steps below:
- Open ADUC console (Active Directory Users and Computers)
- Click the View menu and make sure that Advanced Features is checked.
- Navigate to the organizational unit (OU) where the problematic computer account resides.
- Open the Properties for the computer object
- Choose the Attribute Editor tab in the Properties dialog box
- Check the attributes dNSHostName and servicePrincipalName and make sure that each entry matches the host name configured on the problem computer (Start -> Computer -> Properties -> Full Computer Name):
  dNSHostName: computername.domainname.com
  servicePrincipalName: HOST/computername.domainname.com
  If the entries do not match, change them to the correct value.
- Restart the computer so the changes take effect quickly, then try to log in again.
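
The same checks can be scripted instead of clicking through ADUC. The following is an added example, not part of the original article: the function name `Test-ComputerAccountAttributes` and the sample object are hypothetical, and the live query assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example: report the conditions the steps above check by hand.
# $Computer is any object exposing Enabled, DNSHostName and ServicePrincipalName,
# e.g. the output of Get-ADComputer, or the constructed sample below.
function Test-ComputerAccountAttributes {
    param(
        [Parameter(Mandatory)] $Computer,
        [Parameter(Mandatory)] [string] $ExpectedFqdn   # "Full Computer Name" of the machine
    )
    $findings = @()
    if (-not $Computer.Enabled) {
        $findings += 'Computer account is disabled'
    }
    # -ne and -notcontains compare strings case-insensitively, like AD does
    if ($Computer.DNSHostName -ne $ExpectedFqdn) {
        $findings += "dNSHostName is '$($Computer.DNSHostName)', expected '$ExpectedFqdn'"
    }
    $hostSpn = "HOST/$ExpectedFqdn"
    if (@($Computer.ServicePrincipalName) -notcontains $hostSpn) {
        $findings += "servicePrincipalName has no '$hostSpn' entry"
    }
    $findings   # emits nothing when every check passes
}

# Constructed sample: an account whose attributes still carry an old host name.
$sample = [pscustomobject]@{
    Enabled              = $true
    DNSHostName          = 'oldname.domainname.com'
    ServicePrincipalName = @('HOST/OLDNAME', 'HOST/oldname.domainname.com')
}
Test-ComputerAccountAttributes -Computer $sample -ExpectedFqdn 'computername.domainname.com'

# Live use against the directory (a deleted account makes Get-ADComputer throw):
# try {
#     $c = Get-ADComputer -Identity 'computername' -Properties servicePrincipalName
#     Test-ComputerAccountAttributes -Computer $c -ExpectedFqdn 'computername.domainname.com'
# } catch {
#     'Computer account not found in AD (deleted or wrong name)'
# }
```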