We recently upgraded our primary Domain Controller. The new DC is a new box with Windows Server 2008 R2, the old one was Windows Server 2003.
We did a full migration of domain accounts to the new server, and it is synced with the other DCs across the country (various 2003 or 2008 boxes).
Since this time, we've replaced a few workstations and created a few new users with new stations(all Windows 7 Pro). One user, whenever he attempts to log in with his domain account onto the desktop, gets the error "The security database on the server does not have a computer account for this workstation trust relationship." 15 minutes later he can try again and log in with no problem.
Checking the list of computers in all DCs, his does not appear. We removed the computer from the domain and back into a workgroup, re-added, and it still happens. Removing the computer, renaming it, and re-adding it also doesn't work.
Both times the computer successfully joins the domain, but won't appear in the list of computers. What can I do to fix this?
Update: As shown in the comments, the issue is with replication across the DCs. This is only affecting the one computer, however, as others have been added to the domain with no problems. The DC it joins is not the main, backup main, or one associated with its 'site.' What could cause replication issues of a single computer?
Update 2: It turns out a few other issues have been found with replication, so my little problem will hopefully be fixed along with the other problems, though the details of the solution are out of my hands now.
Best Answer
Based on what I've read, I would do the following:
Check all DCs for the NetLogon share - When there are replication issues, that's usually a tell-tale sign.
Assuming you find a DC that does not have the NETLOGON share, follow the instructions in Using the BurFlags registry key to reinitialize File Replication Service replica sets
Run DCDIAG on all DCs (I use DCDIAG /C /E /V). Address and resolve any unexplained issues. (I usually recommend this BEFORE adding any DCs)