Before few days ago I returned snapshot/checkpoint with scvmm and turned on virtual machine, but when I tried to logon with domain user I gave this message, „The security database on the server does not have a computer account for this workstation trust relationship“. I need to mention that snapshot/checkpoint was old only three hours.
I logged in with local Administrator account and removed server from the domain and again join to the domain. After restart I logged in with domain account but few services didn’t start. I again restarted server, tried to logon and I gave the same message „The security database on the server does not have a computer account for this workstation trust relationship“.
Solution/Workaround:
You need to do two things.
1. Reapply values in ADSI Edit (adsiedit.msc) or enter new if SPN missing.
Open adsiedit.msc like on picture below and check settings in servicePrincipalName
2. Restart the computer.
3. Login on to your server with local Administrator account.
4. Change domain from FQDN to the short name. In my case ekobit.corp change to ekobit_corp
5. Restart your server and Login as the domain user.
Relax your mind and enjoy .
NOTE: As you might know Winlogon service on Windows 7, Windows Server 2008 and Windows Server 2008 R2 Operating Systems use Kerberos logon. So the Service Principal Names (SPNs) need to be configured properly to support Kerberos Authentication.
Other Reference Articles:
Kerberos Authentication Problems: http://blogs.technet.com/b/askds/archive/2008/05/29/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx
Symptoms when secure channel is broken: http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
Machine Account Password Process: http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx