"The security database on the server does not have a computer account for this workstation trust relationship"
This is the message I am getting when I try to log into the only domain controller we have on the network. I have seen this before on workstations and have successfully repaired the trust relationship by unplugging the ethernet cable, logging into the workstation, reconnecting the ethernet cable, leaving and rejoining the domain. I tried unplugging the ethernet cable from the domain controller and logging in as it worked with workstations previously but had no success.
As this is the only domain controller we have, I am locked out of the DC. One positive is that I do have command line and shell access where I can run commands to attempt to repair the error.
Is there a way I can repair this error and gain access to the domain controller to "save the domain"?
Cheers.
asked May 31 at 19:58
reboot into DSRM and check event viewer for more info.
answered Jun 1 at 14:56
stronglinestrongline
5922 silver badges8 bronze badges
1
To solve this issue I was able to edit and remove some aliases within the registry. Specifically "LanManServer".
After removing additional aliases, I successfully logged into the domain controller!
answered Jun 19 at 16:49
1
Not the answer you're looking for? Browse other questions tagged domain-name-system active-directory windows-server-2019 or ask your own question.
There are always daily system issues that users have to deal with and one of these issues is the “The Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship”. This is one type of specific error that never seems to go away and it sometimes appears when you try logging into the system. This issue appears on various versions of the Windows operating system but more on Windows Server OS. You may
want to see the following articles: How to synchronize your on-premises AD with Azure Active Directory using the Azure AD Connect tool, Configure TCP/IP Parameters: Post OS Installation and
configuration of Windows Server 2019 properties, and how to fix the trust relationship between this workstation and
the primary domain failed. What are the Causes of this problem? Please take a look at the [Part 1] guide “The security database on the server does not have a computer account for this workstation trust relation“.
I have listed out the possible causes of this issue below which also has a possible resolution path: Check a related guide on How to Quickly Fix Windows Search Bar Not Working
- Misconfiguration of time & date settings – A misconfiguration of the time & date settings on the server can cause this issue and display the error.
- Possibility of the connection between the client and the domain controller timing out – when a connection is timing out could lead to this type of issue.
- Issues with DNS & Windows Firewall – when there is an issue with DNS addresses or Windows Firewall may also lead to this kind of error.
Below are solution steps to the server login issue
It is now very important that the date and time on your server or personal system should be correct as this will help to avoid some issues related to date & timing. Though sometimes when your system BIOS restarts this could affect the correctness of the date and time and some individuals forget to reset or correct it.
a). Now Open Date and Time settings on your server.
b). In the Date and Time tab, confirm that your computer’s date and time settings are properly aligned with your current location. If you confirm that the time is not correct then you need to turn the Set time automatically option ON or OFF to adjust the setting.
c). If the “Set time automatically” option is turned ON you will be able to select the correct time zone from the dropdown list. After doing this restart the server and try to login again, by now the issue may be resolved with this guide.
If the above does not work, then you can also go via the Control Panel to synchronize your system time with an online time server which will always feed the correct time.
Follow these steps:
a). Open Control Panel through the start menu or typing “control.exe” in the Run box, and click OK.
b). In Control Panel at the top right side select View by: Category and click on the Clock and Region button to open this section.
c). Click on the Set the time and date button and in the Internet Time tab. Click the Change settings button.
d). Check the box next to the “Synchronize with an Internet time server” option and choose the “time.windows.com” in the server
drop-down and click on the Update and OK button.
Try logging in again to see if the issue still persists.
Checking for DNS and Firewall Issues
Sometimes this issue could be a result of a connection issue to the domain controller and there would be a need to check the DNS and Windows firewall if there are any issues within this area. Follow the steps below in order to set some Windows Firewall rules and reset DNS addresses.
a). Open the Command Prompt from the search box. Type and right-click Command Prompt, from the context menu select Run as administrator.
b). Type the following commands one after each other in the command prompt and press enter. Wait for the operation to complete successfully.
Try logging in again to see if the issue still persists.
Changing the Connection Setting
Sometimes this problem can be a result of a connection issue between the server and the domain controller which could be resolved by just removing the server from the domain and setting it back to the workgroup and rejoining the server back to the domain.
Follow the steps below on the resolution:
a). Right-click My Computer/This PC and from the context menu select Properties.
b). Click the Change
settings button at the right side of the Properties window.
c). In the Computer Name tab click the Change button at the bottom right part of the window. Under the Member of section, change from Domain radio button to Workgroup and click OK.
d). Restart the server and go back to the change settings section undo the earlier changes and switch back to the domain.
Try logging in again to see if the issue still persists.
Using PowerShell Commands
If you have tried all the above steps and the issue still persist, then you might need to try some PowerShell commands to try logging in. These commands have the reputation of fixing this kind of issue and the reason why we are mentioning it in this guide.
a). You can open the PowerShell by right-clicking the Start menu button and selecting the Windows PowerShell (Admin) option from the context menu.
b). If it is from the search box, you can search for PowerShell and right-click and select Run as administrator.
c). In the PowerShell console, type the below commands one after the other and click enter. Where you see the bracket in the below command should be replaced with your server information.
Hopefully, this command could be all that you need in saving your day in getting access to the server.
I hope you found this blog post on How to Fix “The Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship” issue on Windows Server very interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.