Receiving Error – ‘ The security database on the server does not have a computer account for this workstation trust relationship ‘

Filed Under (Dorky Stuff, Tech Stuff) by admin on 22-05-2013

             Modified 2013f May 2013 03:04:44 PM

I ran across this issue after having to replace a Windows 2008 R2 System.  I wanted to keep the server name of the new system the same as the old –  (SERVER1) because I wanted to prevent end users from having to delete and re-add any of their network printer resources.  Additionally, many antivirus software clients running on desktops/laptops communicated with this specific server name for their virus definition updates.
I renamed the old server “SERVER1″ –TO–> “SERVER5″  and brought the brand new system online as “SERVER1″ and joined it into the DOMAIN without issue.  I needed the old server to remain online in the event of a problem.  The system actually ran perfectly fine but a week later I began receiving the trust relationship error shown below when I would try and login to the console with the administrator account.  On one of the network domain controllers I saw the System Event 11 generated as shown below:

Domain Controller Showing System Event 11 Error

 

Windows 2008R2 Error When Attempting to Login With Administrator Account

According to Microsoft – http://support.microsoft.com/kb/321044/en-us

This problem occurs because two or more computer accounts have the same service principal name (SPN) registered. Event ID 11 is logged when the Key Distribution Center (KDC) receives a ticket request, and the related SPN exists more than one time when it is checked on the global catalog (GC) for forestwide verification.  My simple explanation is that the original process of switching SERVER1 to a new temporary name didn’t go right.

The fix was pretty painless.  On the problem server open up a command line and type the following replacing SERVERNAME with the problem system (In this example SERVER1)
note-the first character is an l and not the number 1

ldifde -f c:check_SPN.txt -t 3268 -d “” -l servicePrincipalName –r “(servicePrincipalName=HOST/ServerName*)” -p subtree

Now find the file check_SPN.txt on your drive

The contents of the check_SPN.txt file that is generated should show something similar to the following.  Using the following output information SERVER1 is the system we are having trouble with.  SERVER2 is no longer in service.  As you can see the second portion of the output has a mix of both SERVER1 and SERVER 2 in its output

dn: CN=SERVER1,OU=Servers,DC=YOURDOMAIN,DC=com
changetype: add
servicePrincipalName: WSMAN/SERVER1
servicePrincipalName: WSMAN/SERVER1.YOURDOMAIN.com
servicePrincipalName: TERMSRV/SERVER1
servicePrincipalName: TERMSRV/SERVER1.YOURDOMAIN.com
servicePrincipalName: RestrictedKrbHost/SERVER1
servicePrincipalName: HOST/SERVER1
servicePrincipalName: RestrictedKrbHost/SERVER1.YOURDOMAIN.com
servicePrincipalName: HOST/SERVER1.YOURDOMAIN.com

dn: CN=SERVER2,OU=Servers,DC=YOURDOMAIN,DC=com
changetype: add
servicePrincipalName: HOST/SERVER2
servicePrincipalName: RestrictedKrbHost/SERVER2
servicePrincipalName: TERMSRV/SERVER2
servicePrincipalName: WSMAN/SERVER2
servicePrincipalName: WSMAN/SERVER1.Mcbassoc.com
servicePrincipalName: TERMSRV/SERVER1.Mcbassoc.com
servicePrincipalName: RestrictedKrbHost/SERVER1.Mcbassoc.com
servicePrincipalName: HOST/SERVER1.Mcbassoc.com

Hop into your domain controller and open “Active Directory Users and Computers” and right-click on your domain.  Click “Find” and change the drop down option to “Computers”.  Type the server name that is the equivilent to SERVER2 in the above example and DELETE it.  You should now be able to login to SERVER1 and carry on with your day!

 

Comments:

5 Responses to “Receiving Error – ‘ The security database on the server does not have a computer account for this workstation trust relationship ‘”


  1. Woω, ωonderful blog layout! How long have you been blogging for?
    you mаde blogging look easу. The oνerall loοk of yоur ωeb site is exсellent, as
    well as thе cоntent!


  2. Everything is very open with a really clear explanation of the
    issues. It was really informative. Your website is very useful.

    Many thanks for sharing!


  3. Yes! Finally someone writes about flu.


  4. Quality content is the important to interest the visitors to go to
    see the website, that’s what this site is providing.


  5. Oh my goоԁness! a wonderful post dude.
    Apрreciate iit On the other hand My business iis experiеncing issue wіth ur
    гss . Don’t know why Unable to enгoll in it.
    Perhaρs theгe iѕ anу individuаl finding idеntical гss ρroblem?
    Anyone who knows kkindly respond. Thnkx

    My wеb-site :: where do i buy garcinia cambogia

Leave a Reply

You must be logged in to post a comment.