Problem: Login error "The security database on the server does not have a computer account for this workstation trust"

Problem

Logging in on a Windows client as a domain user fails with the error:

The security database on the server does not have a computer account for this workstation trust

In German:

Die Sicherheitsdatenbank auf dem Server verfügt nicht über ein Computerkonto für diese Vertrauensstellung der Arbeitsstation.

Solution

Search Samba for the computer object's servicePrincipalName:

root@sl1:~# univention-s4search samaccountname=SL1CL1$ servicePrincipalName
# record 1
dn: CN=SL1CL1,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
servicePrincipalName: HOST/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: RestrictedKrbHost/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: HOST/SL1CL1
servicePrincipalName: RestrictedKrbHost/SL1CL1
servicePrincipalName: WSMAN/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: WSMAN/SL1cl1

Then search the directory for duplicates of the servicePrincipalName:

root@sl1:~# univention-s4search --cross-ncs servicePrincipalName=*SL1CL1* -b CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet |grep dn:
dn: CN=SL1CL1,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
dn: CN=DESKTOP-BWTSF11,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet

Remove the unused duplicate object via UMC or UDM.

Root Cause

This happens when the PC is joined to the domain under its installation hostname and is then renamed on the client after the join.
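
The duplicate search from the Solution steps, generalized to check every servicePrincipalName in one pass instead of one hostname at a time. This is an added example, not part of the original article: the function names and the sample LDIF are constructed for illustration, and base64-encoded (`dn::`) DNs are reported undecoded.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads LDIF on stdin and prints "spn<TAB>dn" for every servicePrincipalName
# that is held by more than one object. SPNs are compared case-insensitively.
find_duplicate_spns() {
    awk '
    # LDIF folding: a line starting with one space continues the previous line.
    /^ / { buf = buf substr($0, 2); next }
    { if (buf != "") handle(buf); buf = $0; if ($0 == "") dn = "" }
    END { if (buf != "") handle(buf)
          for (k in count) if (count[k] > 1) print holders[k] }

    function handle(line,    key) {
        # "dn:: " marks a base64 DN; it is kept encoded and only used as a label.
        if (line ~ /^dn::? /) { sub(/^dn::? /, "", line); dn = line; return }
        if (tolower(line) !~ /^serviceprincipalname: /) return
        sub(/^[^:]*: /, "", line)
        key = tolower(line)
        if (dn == "" || ((key, dn) in seen)) return   # same object listed twice
        seen[key, dn] = 1
        holders[key] = holders[key] (count[key]++ ? "\n" : "") key "\t" dn
    }' | sort
}

# Constructed sample input modelled on the article's output (not real data).
sample_ldif() {
cat <<'EOF'
# record 1
dn: CN=SL1CL1,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
servicePrincipalName: HOST/SL1cl1.reiherwaldschule.intranet
servicePrincipalName: RestrictedKrbHost/SL1cl1.reiherwaldschule.intr
 anet
servicePrincipalName: HOST/SL1CL1

# record 2
dn: CN=DESKTOP-BWTSF11,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
servicePrincipalName: HOST/sl1cl1.reiherwaldschule.intranet
servicePrincipalName: RestrictedKrbHost/sl1cl1.reiherwaldschule.intranet
servicePrincipalName: HOST/SL1CL1

# record 3
dn: CN=SL1CL2,CN=computers,OU=Schule1,DC=reiherwaldschule,DC=intranet
servicePrincipalName: HOST/SL1CL2
EOF
}

sample_ldif | find_duplicate_spns
```

On a live system the function would be fed from the directory search instead of the sample, for instance `univention-s4search 'servicePrincipalName=*' servicePrincipalName | find_duplicate_spns`; that invocation is an assumption modelled on the commands shown above.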
