Avantgarde Technologies

<a href="http://www.avantgardetechnologies.com.au">Avantgarde Technologies</a>
Perth's IT Experts

Thursday, June 2, 2011

The security database on the server does not have a computer account for this workstation trust relationship

After joining a new Windows Server 2008 R2 member server to the domain I was not able to log in, even with a Domain Admin account. The following error was experianced:

The security database on the server does not have a computer account for this workstation trust relationship



After some investigation it turns out the computer new computer account did not have a SPN (Service Principal Name). This is stored in the servicePrincipalName attribute in Active Directory. Below is a screenshot from ADSIEdit:



I added two SPN's to the computer account object in Active Directory in the format of:

HOST/COMPUTERNAME
HOST/COMPUTERNAME.domain.local




I was then able to log in to the new workstation.

6 comments:

  1. Nice post. Here’s a tutorial that shows how you can easily build an online database-driven web application with a parent-child table relationship, without codinghttp://blog.caspio.com/web-database/creating-one-to-many-relational-datapages/

    ReplyDelete
  2. I wanted to thank you for this excellent read!! I definitely enjoyed every little bit of it. I have you bookmarked your site to check out the new stuff you post.
    data recovery irvine ca

    ReplyDelete
  3. Can you suggest what can be done if get this error on AD, and i am not able to login to AD with the local account as well....

    ReplyDelete
  4. Add the SPN entries using ADSIEdit as per my instructions above.

    ReplyDelete
  5. Why is this happening though any ideas?

    ReplyDelete