Domain Controller does not have a computer account for this workstation trust relationship

active-directory windows-server-2008

We've had an ongoing issue for a while and I'm here on a Saturday to try and figure it out, and I think I've found the problem, just not the cause…

For a few months our second domain controller has stopped responding to LDAP randomly. Initially we didn't pay too much attention, just restarted it and it's all good.

When I try to log in, I get this error:

The security database on the server does not have a computer account
for this workstation trust relationship.

I've checked all the "common" solutions for this error according to various forums and blogs: checking domain suffixes and ADSI Edit to verify the computer account has all the correct hostnames. Most of these blog posts are talking about a client computer or a non-DC server, though, so I'm not too keen to demote the controller, leave the domain, re-join and re-promote it.

Event Viewer "System" shows various errors:

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was SVW08-DC2$ and lookup type 0x0.

Best Answer

Digging deeper into the Event Viewer under "Applications and Services Logs" -> "Directory Service" I found the actual errors causing the problem -- it appears to be failing hardware:

NTDS (484) NTDSA: An attempt to write to the file "C:\Windows\NTDS\edb.log" at offset 4599808 (0x0000000000463000) for 512 (0x00000200) bytes failed after 51 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ". The write operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.

NTDS (484) NTDSA: Unable to write to section 0 while flushing logfile C:\Windows\NTDS\edb.log. Error -1022 (0xfffffc02).

NTDS (484) NTDSA: The logfile sequence in "C:\Windows\NTDS\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

NTDS (484) NTDSA: Unable to rollback operation #65054 on database C:\Windows\NTDS\ntds.dit. Error: -510. All future database updates will be rejected.
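
As an added example (not part of the original answer, and not a Microsoft tool), the Python below triages the event messages quoted above: it skips the SAM/KDC symptom and pulls the Win32 and ESE error codes and the affected files out of the NTDS messages. The function names are hypothetical; ERROR_IO_DEVICE, JET_errDiskIO and JET_errLogWriteFail are the standard names for codes 1117, -1022 and -510.

```python
import re

# Standard names for the codes that appear in the events quoted on this page.
WIN32_ERRORS = {1117: "ERROR_IO_DEVICE"}
ESE_ERRORS = {-1022: "JET_errDiskIO", -510: "JET_errLogWriteFail"}

HEADER = re.compile(r"^NTDS \(\d+\) NTDSA: ")
SYS_ERR = re.compile(r"system error (\d+)")
ESE_ERR = re.compile(r"[Ee]rror:? (-\d+)")
PATH = re.compile(r"[A-Za-z]:\\[\w\\.$-]+")

# Sample input: the SAM/KDC symptom from the question, then the Directory
# Service messages from the answer (shortened where the text is not parsed).
SAMPLE_EVENTS = [
    r'The Security Account Manager failed a KDC request in an unexpected way. '
    r'The account name was SVW08-DC2$ and lookup type 0x0.',
    r'NTDS (484) NTDSA: An attempt to write to the file "C:\Windows\NTDS\edb.log" '
    r'at offset 4599808 (0x0000000000463000) for 512 (0x00000200) bytes failed '
    r'after 51 seconds with system error 1117 (0x0000045d). '
    r'The write operation will fail with error -1022 (0xfffffc02).',
    r'NTDS (484) NTDSA: Unable to write to section 0 while flushing logfile '
    r'C:\Windows\NTDS\edb.log. Error -1022 (0xfffffc02).',
    r'NTDS (484) NTDSA: The logfile sequence in "C:\Windows\NTDS\" has been '
    r'halted due to a fatal error.',
    r'NTDS (484) NTDSA: Unable to rollback operation #65054 on database '
    r'C:\Windows\NTDS\ntds.dit. Error: -510.',
]

def parse_event(message):
    """Return codes and paths from one NTDS ESE message, or None for other events."""
    if not HEADER.match(message):
        return None
    return {
        "win32": [int(c) for c in SYS_ERR.findall(message)],
        "ese": [int(c) for c in ESE_ERR.findall(message)],
        "paths": [p.rstrip(".") for p in PATH.findall(message)],
    }

def triage(events):
    """Summarise which files and error codes point at failing storage."""
    parsed = [e for e in map(parse_event, events) if e]
    win32 = {c: WIN32_ERRORS.get(c, "unknown") for e in parsed for c in e["win32"]}
    ese = {c: ESE_ERRORS.get(c, "unknown") for e in parsed for c in e["ese"]}
    files = sorted({p for e in parsed for p in e["paths"]})
    fault = bool(win32.keys() & WIN32_ERRORS.keys() or ese.keys() & ESE_ERRORS.keys())
    return {"events": len(parsed), "files": files, "win32": win32, "ese": ese,
            "storage_fault": fault}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```
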