Any time we had user account oddities in our environment it was because of the user account token size. Our AD team has spent a lot of time reducing and cleaning up group memberships as a result last year.
On Fri, Jun 24, 2011 at 10:21 AM, Ralph Smith <[email protected]>wrote: > Nope. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Friday, June 24, 2011 12:09 PM > To: NT System Admin Issues > Subject: Re: Win 7 login problem with trust relationship error > > Does this user have a roaming/mandatory/hybrid (non-local, rather) profile > of any sort? > > Sent from my POS BlackBerry wireless device, which may wipe itself at any > moment > > -----Original Message----- > From: "Ralph Smith" <[email protected]> > Date: Fri, 24 Jun 2011 11:22:21 > To: NT System Admin Issues<[email protected]> > Reply-To: "NT System Admin Issues" > <[email protected]>Subject: > RE: Win 7 login problem with trust relationship error > > I could do that but it's a bit of a hassle between migrating her profile on > each of the computers she uses as well as her Exchange mailbox and > blackberry account. It might resolve the immediate problem, but I wouldn't > be any closer to knowing what is wrong. > > The thing is, I really want to understand the root cause of the issue so > that if there is something in my environment that is causing the problem it > can be fixed before we roll out Windows 7 to all of our users and find out > this isn't an isolated incident. > > > -----Original Message----- > From: John Aldrich [mailto:[email protected]] > Sent: Friday, June 24, 2011 10:11 AM > To: NT System Admin Issues > Subject: RE: Win 7 login problem with trust relationship error > > Have you tried deleting the user and recreating her? Since, as you stated, > other people can log on without problems, it would appear to be primarily > the user's A/D account. > > > > From: Ralph Smith [mailto:[email protected]] > Sent: Friday, June 24, 2011 10:00 AM > To: NT System Admin Issues > Subject: RE: Win 7 login problem with trust relationship error > > I thought of that, but this seems to be affecting a specific user account > on > multiple computers, some of which are new and I know don't have duplicate > names. It doesn't seem reasonable t have to change the name on every win 7 > computer in the domain. > > From: Tom Miller [mailto:[email protected]] > Sent: Friday, June 24, 2011 9:55 AM > To: NT System Admin Issues > Subject: Re: Win 7 login problem with trust relationship error > > This sounds familiar. I had an issue with a PC and it was something like > this. Turned out it was a duplicate name. Try changing the name and see > what happens. We just changed the problem PC from something like 4097 to > 4097A and that did it. > > >>> "Ralph Smith" <[email protected]> 6/24/2011 9:34 AM >>> > Has anyone seen a problem like this and found an explanation / solution? > > Windows 2008 domain and all Windows XP clients except for five Windows 7 > machines. > Single forest, single domain - no trusts or child domains. > > One machine is a laptop we just upgraded to Win 7, and when we went to > have the user log on to it she got this error: > "The security database on the server does not have a computer account > for this workstation trust relationship." > > The odd thing is that the IT staff and one test account can all log in > to the machine with no errors, so it doesn't seem like it's the > computer. She has no trouble logging on to any windows XP clients or > 2003 terminal servers, so it doesn't seem as though her user account is > bad. > > She gets the same error logging on to all of the other four Win 7 > machines, so it seems to be a combination of something with her user > account and something about Windows 7. > > On the laptop we found that if we take it off the domain, reboot, join > it to the domain, reboot, the user can log on for a limited time and > then the error comes back. > > Also, per some advice we got from Google Tech Support, on another > computer we used Adsiedit to change the dnshost attribute from "win7pc" > to "win7pc.domain.com", and added "win7pc.domain.com" to > servicePrincipalName. This also was a temporary resolution. > > > We also found that sometimes she can successfully log in if we use the > "[email protected]" format, but sometimes that also results in the > same error. > > All the information I have been able to find seems to be related to > issues involving trusts between computers in different domains or errors > when joining a computer to a domain. But these issues all seem to > affect all users logging in to a computer, and don't seem to apply here. > > Any ideas? I greatly appreciate any insight someone may have. > > Thanks, > > Ralph > Confidentiality Notice: > ----------------------- > This communication, including any attachments, may contain confidential > information and is intended only for the individual or entity to whom it is > addressed. Any review, dissemination, or copying of this communication by > anyone other than the intended recipient is strictly prohibited. If you are > not the intended recipient, please contact the sender by reply email, > delete > and destroy all copies of the original message. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > Confidentiality Notice: This e-mail message, including attachments, is for > the sole use of the intended recipient(s) and may contain confidential and > privileged information. Any unauthorized review, use, disclosure, or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > Confidentiality Notice: > ************************* > This communication, including any attachments, may contain confidential > information and is intended only for the individual or entity to whom it is > addressed. Any review, dissemination, or copying of this communication by > anyone other than the intended recipient is strictly prohibited. If you are > not the intended recipient, please contact the sender by reply email, and > delete and destroy all copies of the original message. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
