Problem
Login on windows client as domain user throws error:
The security database on the server does not have a computer account for this workstation trust
in German:
Die Sicherheitsdatenbank auf dem Server verfügt nicht über ein Computerkonto für diese Vertrauensstellung der Arbeitsstation.
Solution
Search samba for the computer objects servicePrincepalName:
root@sl1:~# univention-s4search samaccountname=SL1CL1$ servicePrincipalName
# record 1
dn: CN=SL1CL1,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
servicePrincipalName: HOST/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: RestrictedKrbHost/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: HOST/SL1CL1
servicePrincipalName: RestrictedKrbHost/SL1CL1
servicePrincipalName: WSMAN/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: WSMAN/SL1cl1
Then search the directory for duplicates of the servicePrincipalName:
root@sl1:~# univention-s4search --cross-ncs servicePrincipalName=*SL1CL1* -b CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet |grep dn:
dn: CN=SL1CL1,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
dn: CN=DESKTOP-BWTSF11,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
Remove the unused duplicate Object via umc or udm.
Root Cause
This happens if you join the PC with the installation hostname and rename it in the client after you have joined the PC.