New 2012 Domain Controller and error “The security database on the server does not have a computer account for this workstation trust relationship”

Why does the error occur only when the 2012 DC is on?

Because the computer is connecting to the Windows 2012 Domain Controller, which does not have a record of it. This points to an Active Directory synchronization problem between that domain controller and the rest of your domain controllers.

How is the user able to log into the Windows 7 machine even if the computer account is disabled?

Possibly cached credentials allowing the user to bypass the domain check, or possibly the account is not disabled on the domain controller the computer is checking against.

Either way, you want to correct your unsynchronized domain ASAP - it's only going to get worse and harder to deal with the longer this goes on.
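To check the answer's diagnosis rather than guess at it, the script below (an added example, not part of the answer above or of the original thread) asks every domain controller in DOM1 for its own copy of the workstation's computer object, so that a DC that is missing the object, or that reports a different Enabled or password-change value, stands out as the one that is out of sync. It then dumps replication failure and partner metadata for the domain. It assumes the RSAT ActiveDirectory module (the 2012-era version, which has the Get-ADReplication* cmdlets) is installed on the machine where it runs, that the caller can query every DC, and that the DNS name `dom1.example.com` and the workstation name `WS7-01` are placeholders to be replaced; none of those names come from the original post.

```powershell
# Added example: compare one computer object across all DCs and show replication health.
# Assumptions (not from the original post): RSAT ActiveDirectory module installed,
# rights to query every DC, and the two placeholder names below replaced with real ones.
$domain   = 'dom1.example.com'   # assumed DNS name of DOM1
$computer = 'WS7-01'             # assumed name of the affected Windows 7 workstation

Import-Module ActiveDirectory

# 1. Query each DC directly (-Server) instead of letting the locator pick one.
#    Differences between rows are exactly what "unsynchronized" looks like.
$dcs = Get-ADDomainController -Filter * -Server $domain
$perDc = foreach ($dc in $dcs) {
    try {
        $obj = Get-ADComputer -Identity $computer -Server $dc.HostName `
                   -Properties Enabled, whenChanged, pwdLastSet -ErrorAction Stop
        [pscustomobject]@{
            DC          = $dc.HostName
            Found       = $true
            Enabled     = $obj.Enabled
            WhenChanged = $obj.whenChanged
            PwdLastSet  = [datetime]::FromFileTime($obj.pwdLastSet)
        }
    } catch {
        # ObjectNotFound here means this DC has never received (or has lost) the object.
        [pscustomobject]@{
            DC          = $dc.HostName
            Found       = $false
            Enabled     = $null
            WhenChanged = $null
            PwdLastSet  = $null
        }
    }
}
$perDc | Format-Table -AutoSize

# 2. Replication status for the whole domain: which partnerships are failing, and
#    how long each DC has gone without a successful inbound replication.
Get-ADReplicationFailure -Target $domain -Scope Domain |
    Select-Object Server, Partner, FirstFailureTime, FailureCount, LastError |
    Format-Table -AutoSize

Get-ADReplicationPartnerMetadata -Target $domain -Scope Domain |
    Select-Object Server, Partner, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# 3. Built-in equivalents that also work when only 2008 R2 tooling is available.
repadmin /replsummary
repadmin /showrepl

# 4. Run these on the Windows 7 machine itself: which DC it selected for this logon,
#    and whether its secure channel to that DC still verifies. Comparing the DC name
#    printed here against the table from step 1 shows whether the workstation is
#    landing on the DC that lacks (or has a disabled copy of) its account.
nltest /dsgetdc:$domain
nltest /sc_verify:$domain
```

Steps 1 to 3 are run from an admin workstation or a DC; step 4 is run on the affected client, since nltest reports the secure channel of the machine it executes on. A non-zero `LastReplicationResult` or a growing `ConsecutiveReplicationFailures` on the 2012 DC's row, together with a `Found = False` or a stale `PwdLastSet` for that DC in step 1, is the concrete evidence for the synchronization problem the answer describes.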


Updated on September 18, 2022

Comments

  • Admin, over 1 year ago

    I have a Windows Server 2012 domain controller on a domain DOM1 running at a Windows Server 2008 R2 domain and functional level. All other domain controllers in DOM1 are 2008 R2. DOM1 has a two-way non-transitive trust with another domain DOM2 running at a Windows Server 2003 forest and functional level.

    There is one Windows 7 machine on DOM1 that is on the same LAN as the domain controller. When a user with an account in DOM2 attempts to log into this machine, they get the error:

    The security database on the server does not have a computer account for this workstation trust relationship.

    When I power off the 2012 domain controller, the error does not appear and the user can log in. When I turn the DC back on, the user gets the error.

    Yesterday I turned the DC on, unjoined the Windows 7 machine from DOM1, then rejoined it. The user was then able to log in. Today, however, the user once again got the error. I turned the DC off and the user logged in.

    I noticed that after rejoining the Windows 7 machine to the domain, the computer account shows up in AD as disabled.

    A few other computers in the same location also get the error, however, most don't.

    Here are my questions:

    Why does the error occur only when the 2012 DC is on?
    How is the user able to log into the Windows 7 machine even if the computer account is disabled?
    
  • Admin, almost 10 years ago
    Thanks for the answers. When I connect to the 2012 DC with ADUC, I do see the workstation that is having the problem. Does this still indicate a synchronization problem?