I have taken over the management of several machines and domain at the place I work and think I have a corrupted domain "database" for lack of a better term.
When I try and log into the domain controller I get the error:
The security database on the server does not have a computer account for this workstation trust relationship.
All searching on this topic seems to relate to rejoining workstations to domains or SPN data being wrong. I have tried to correct the SPN details but that didn't fix the issue. I'm not sure how I would go about rejoining a domain controller to a domain; it's not a viable fix for a DC in my books.
Any thoughts?
Also, another thing: I can log in to this domain controller at the console in the first 15 seconds after reboot, but if I wait any longer then I get the same message at the console.
At the moment I am using MMCs to manage the server remotely which works but I would like to resolve this issue.
Best Answer
Sounds like something's seriously messed up with that DC - if possible, consider just rebuilding it.
Also check for the same basics that you'd check for another system with this issue - that it has working name resolution, that its name matches its computer account in the domain, and that it and the other domain controllers have correct time. And dcdiag is always worth a look.
Anyway, what you'd want to try for rebuilding the trust with the domain will be the procedure outlined here - stop the KDC service then run a netdom resetpwd against the DC to rebuild its computer account.
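
The checks and the reset described in the answer above, as an added PowerShell example that is not part of the original answer. The DC name, domain and admin account are placeholders, and the reboot between the Reset and Finish phases plus the final repadmin check are assumptions added here.

```powershell
# Added example. Run elevated on the affected DC, one phase at a time.
param(
    [ValidateSet('Check', 'Reset', 'Finish')]
    [string]$Phase     = 'Check',
    [string]$HealthyDc = 'DC02.example.local',    # placeholder: a DC that still works
    [string]$Domain    = 'example.local',         # placeholder
    [string]$AdminUser = 'EXAMPLE\Administrator'  # placeholder: account allowed to reset
)

switch ($Phase) {
    'Check' {
        # Basics from the answer: name resolution, matching name, time, dcdiag.
        nslookup $HealthyDc
        nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"
        hostname                           # must match the DC's computer account name
        w32tm /monitor /domain:$Domain     # time offset of each DC in the domain
        dcdiag /v
    }
    'Reset' {
        # Stop the local KDC and keep it from starting at boot, so this DC must
        # obtain Kerberos tickets from $HealthyDc rather than from itself.
        Set-Service  -Name kdc -StartupType Manual
        Stop-Service -Name kdc -Force

        # Reset the machine account password against the healthy DC.
        # /passwordd:* prompts for the password instead of exposing it on the command line.
        netdom resetpwd /server:$HealthyDc /userd:$AdminUser /passwordd:*
        if ($LASTEXITCODE -ne 0) {
            # Do not leave the KDC disabled if the reset did not happen.
            Set-Service   -Name kdc -StartupType Automatic
            Start-Service -Name kdc
            throw "netdom resetpwd failed with exit code $LASTEXITCODE"
        }
        Write-Host 'Reset succeeded. Reboot this DC, then run the Finish phase.'
    }
    'Finish' {
        # After the reboot: bring the KDC back and confirm the DC is healthy.
        Set-Service   -Name kdc -StartupType Automatic
        Start-Service -Name kdc
        dcdiag /v
        repadmin /showrepl
    }
}
```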