+1 Enable auditing of failures for logon events, and then look to see what's being logged on your DCs. I'd also look in the event log of the PCs as well.
Cheers Ken -----Original Message----- From: Michael B. Smith [mailto:[email protected]] Sent: Friday, 24 June 2011 11:37 PM To: NT System Admin Issues Subject: RE: Win 7 login problem with trust relationship error Account corruptions are very rare. This should be generating event log errors on both the client machine and on the authenticating domain controller indicating, in more detail, what the issues are. Have you checked those out? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: John Aldrich [mailto:[email protected]] Sent: Friday, June 24, 2011 11:33 AM To: NT System Admin Issues Subject: RE: Win 7 login problem with trust relationship error Well, I'm no expert by any stretch of anyone's imagination, but it sounds to me like her account has gotten corrupted somehow. Have you checked her A/D account? -----Original Message----- From: Ralph Smith [mailto:[email protected]] Sent: Friday, June 24, 2011 11:22 AM To: NT System Admin Issues Subject: RE: Win 7 login problem with trust relationship error I could do that but it's a bit of a hassle between migrating her profile on each of the computers she uses as well as her Exchange mailbox and blackberry account. It might resolve the immediate problem, but I wouldn't be any closer to knowing what is wrong. The thing is, I really want to understand the root cause of the issue so that if there is something in my environment that is causing the problem it can be fixed before we roll out Windows 7 to all of our users and find out this isn't an isolated incident. -----Original Message----- From: John Aldrich [mailto:[email protected]] Sent: Friday, June 24, 2011 10:11 AM To: NT System Admin Issues Subject: RE: Win 7 login problem with trust relationship error Have you tried deleting the user and recreating her? Since, as you stated, other people can log on without problems, it would appear to be primarily the user's A/D account. From: Ralph Smith [mailto:[email protected]] Sent: Friday, June 24, 2011 10:00 AM To: NT System Admin Issues Subject: RE: Win 7 login problem with trust relationship error I thought of that, but this seems to be affecting a specific user account on multiple computers, some of which are new and I know don't have duplicate names. It doesn't seem reasonable t have to change the name on every win 7 computer in the domain. From: Tom Miller [mailto:[email protected]] Sent: Friday, June 24, 2011 9:55 AM To: NT System Admin Issues Subject: Re: Win 7 login problem with trust relationship error This sounds familiar. I had an issue with a PC and it was something like this. Turned out it was a duplicate name. Try changing the name and see what happens. We just changed the problem PC from something like 4097 to 4097A and that did it. >>> "Ralph Smith" <[email protected]> 6/24/2011 9:34 AM >>> Has anyone seen a problem like this and found an explanation / solution? Windows 2008 domain and all Windows XP clients except for five Windows 7 machines. Single forest, single domain - no trusts or child domains. One machine is a laptop we just upgraded to Win 7, and when we went to have the user log on to it she got this error: "The security database on the server does not have a computer account for this workstation trust relationship." The odd thing is that the IT staff and one test account can all log in to the machine with no errors, so it doesn't seem like it's the computer. She has no trouble logging on to any windows XP clients or 2003 terminal servers, so it doesn't seem as though her user account is bad. She gets the same error logging on to all of the other four Win 7 machines, so it seems to be a combination of something with her user account and something about Windows 7. On the laptop we found that if we take it off the domain, reboot, join it to the domain, reboot, the user can log on for a limited time and then the error comes back. Also, per some advice we got from Google Tech Support, on another computer we used Adsiedit to change the dnshost attribute from "win7pc" to "win7pc.domain.com", and added "win7pc.domain.com" to servicePrincipalName. This also was a temporary resolution. We also found that sometimes she can successfully log in if we use the "[email protected]" format, but sometimes that also results in the same error. All the information I have been able to find seems to be related to issues involving trusts between computers in different domains or errors when joining a computer to a domain. But these issues all seem to affect all users logging in to a computer, and don't seem to apply here. Any ideas? I greatly appreciate any insight someone may have. Thanks, Ralph ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
