First, let me say… I get about 100 unique hits on this post every day. We are not alone! Below, I describe a fix to the relationship. But I want to know THE CAUSE of the broken relationship! If you can help, please post a comment. -Thank you
Newest post – 2/5/2010
OK, now I’ve got it on Windows 7!
Win7 has been running flawlessly for about three months. I was in the middle of testing various antivirus solutions… I uninstalled Microsoft Security Essentials, and attempted to install Symantec Endpoint Protection. The setup cursed me, saying a previous operation required a reboot before I could install SEP. I rebooted, logged in, and was presented with a “Temporary Profile” error. I rebooted and the login gave me, “The security database on the server does not have a computer account for this workstation trust relationship.”
Now, I know from previous experience (below) I could disconnect from the network (Cable and WiFi) and fix it like I did in Vista. But this time I got a quick fix with F8, Safe Mode (without network), System Restore. All is good.
Some info I liked from a TechNet post:
“First some basics you most likely already know.
1. Computers are security principals just like users
2. Computers authenticate to the domain on startup
3. Computers change their password every 30 days by default
4. Restore Points restore the computer password present at the time of the restore point
5. If the local password and the domain password are not the same the computer must re-join the domain”
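Points 3 to 5 above mean a restore point is only safe to roll back to if it was created after the domain last accepted a machine password change for this computer. The script below is an added example, not part of the original post or the TechNet thread: it checks the secure channel and flags restore points older than the account's last password change. The function names and the sample date are made up for illustration, and the `PasswordLastSet` value is assumed to be read beforehand on a DC with `Get-ADComputer` (ActiveDirectory module).

```powershell
# Added example. Run elevated in Windows PowerShell (2.0 or later) on the client.
# Read the input date on a DC first ('PC-NAME' is a placeholder):
#   (Get-ADComputer -Identity 'PC-NAME' -Properties PasswordLastSet).PasswordLastSet

function Get-SecureChannelState {
    # Test-ComputerSecureChannel returns $true when the machine account
    # password still matches the one the domain holds.
    try {
        if (Test-ComputerSecureChannel -ErrorAction Stop) { 'Healthy' } else { 'Broken' }
    }
    catch {
        # Not domain-joined, not elevated, or no DC reachable.
        "Unknown: $($_.Exception.Message)"
    }
}

function Get-RestorePointTrustRisk {
    param(
        [Parameter(Mandatory = $true)]
        [datetime]$PasswordLastSet
    )

    foreach ($rp in Get-ComputerRestorePoint) {
        # CreationTime is a WMI (DMTF) timestamp string; convert it first.
        $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($rp.CreationTime)

        # A restore point older than the last password change brings back
        # a machine password the domain no longer accepts (point 4 above).
        New-Object PSObject -Property @{
            SequenceNumber = $rp.SequenceNumber
            Created        = $created
            Description    = $rp.Description
            BreaksTrust    = ($created -lt $PasswordLastSet)
        }
    }
}

# Constructed sample value; replace it with the date read from AD.
$lastSet = Get-Date '2010-01-20 09:15'

"Secure channel: $(Get-SecureChannelState)"
Get-RestorePointTrustRisk -PasswordLastSet $lastSet |
    Sort-Object Created |
    Format-Table SequenceNumber, Created, BreaksTrust, Description -AutoSize
```

Restore points with `BreaksTrust` set to `True` are the ones that would require a machine password reset or a domain rejoin after the rollback.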
Older Vista Solution:
The Vista user can log onto the machine with cached credentials (NIC disconnected and WiFi off), but not when connected to the LAN. ERR, It worked for the last year, just fine. Oh well…
You may also get this error: “The security database on the server does not have a computer account for this workstation trust relationship.”
As the error indicates, the relationship between the client/server is broken. Let’s fix the relationship.
Kill and rejoin the Domain… (with PC rename in between)
On the DC:
Delete the offending Computer Account that resides in Active Directory.
Delete the Computer’s IP Lease(s) in DHCP.
On the client (with no connection to LAN):
Log onto the local machine (not the Domain) as an Admin.
Unjoin the Domain by joining a “TEMP” workgroup. Reboot required. Log into TEMP workgroup as the Admin.
Rename the Computer. Reboot required.
Log into the Local Machine, now rejoin the Domain. Reboot required. Log into the Domain.
Test network access and life is good. The Computer exists in AD and DHCP.
Rename the Computer back to what I originally wanted. Reboot required.
Test network access and life is still good. The new Computer name is in AD and DHCP, as expected.
Come on people, this post gets tons of views. Give me some feedback!
Solution by robertoLB. And confirmed by funflex.
How To Use Netdom.exe to Reset Machine Account Passwords
Solution from DailyAdminLife?