“The security database on the server does not have a computer account for this trust relationship” error after computer move

During computer migration upon it joins the Target Domain, you may experience the following error trying to log in: “The security database on the server does not have a computer account for this trust relationship”

2015-12-30_18-15-32

This happens especially on Windows 7 OS and has it roots in the following GPO:

Computer Configuration->Policies->Administrative Templates->Network->DNS Client Setting:  “Primary DNS Suffix”

For some reason on Windows 7 OS this GPO persists and does not get applied in the Target Domain properly until workstation reboots second time. One can think that rebooting computer one more time after migration is a good workaround but there is a better solution. Aside from setting it to Disabled in the Source Domain, the following batch file can be executed by QMM RUM (Resource Updating Manager) after computer move operation (substitute target_domain.com with your Target Domain’s naming context):

reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient” /v “PrimaryDnsSuffix” /t REG_SZ /d “target_domain.com” /f

reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient” /v “NV PrimaryDnsSuffix” /t REG_SZ /d “target_domain.com” /f

Tags:

One Response to “The security database on the server does not have a computer account for this trust relationship” error after computer move

  • “The security database on the server does not have a computer account for this trust relationship” error after computer move

    During computer migration upon it joins the Target Domain, you may experience the following error trying to log in: “The security database on the server does not have a computer account for this trust relationship”

    2015-12-30_18-15-32

    This happens especially on Windows 7 OS and has it roots in the following GPO:

    Computer Configuration->Policies->Administrative Templates->Network->DNS Client Setting:  “Primary DNS Suffix”

    For some reason on Windows 7 OS this GPO persists and does not get applied in the Target Domain properly until workstation reboots second time. One can think that rebooting computer one more time after migration is a good workaround but there is a better solution. Aside from setting it to Disabled in the Source Domain, the following batch file can be executed by QMM RUM (Resource Updating Manager) after computer move operation (substitute target_domain.com with your Target Domain’s naming context):

    reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient” /v “PrimaryDnsSuffix” /t REG_SZ /d “target_domain.com” /f

    reg ADD “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient” /v “NV PrimaryDnsSuffix” /t REG_SZ /d “target_domain.com” /f

Leave a Reply