Paul Littlefield
2018-May-14 11:14 UTC
[Samba] Delete machine account from AD to fix The trust relationship
Hello Samba List,
I have a desktop with a clean full install of Windows 10 Pro 1709.
I have an entry in the Samba 4.7 AD for the machine account (from when it was
Windows 7 Pro).
Windows 10 appears to join the Domain successfully.
When I try to log in with the DOMAIN\Administrator account I get the Windows
error:-
"The security database on the server does not have a computer account for
this workstation trust relationship."
Do I try the Windows 10 PowerShell Reset-ComputerMachinePassword fix or delete
the Machine account from the Samba 4.7 AD?
If it's the latter, how do I do that?
$ samba-tool user delete XXXXX
Thanks in advance.
Paul
L.P.H. van Belle
2018-May-14 12:51 UTC
[Samba] Delete machine account from AD to fix The trust relationship
Follow these steps. First try this, Goto computer properties, Goto Change the computer/domainname. Klik more options. Check if the primary dns is set. Normaly its not needed to change things here. Remove the computer from the domain. With RSAT tools, check if everything is removed of the PC from the domain. Cleanup the DNS before you re-join the pc. (remove the A and PTR) Cleanup the AD, ( OU=Computers ) Wait 1-2 minutes Try Rejoin. This, normaly works for me. If that didnt work. Read , and yes it hints to RDP, im affected here on a few computers with this. https://blogs.technet.microsoft.com/mckittrick/unable-to-rdp-to-virtual-machine-credssp-encryption-oracle-remediation/ (* the direct link : https://support.microsoft.com/nl-nl/help/4103727/windows-10-update-kb4103727 ) Security updates to Microsoft Edge, Internet Explorer, Microsoft scripting engine, Windows app platform and frameworks, Device Guard, Windows kernel, Microsoft Graphics Component, Windows storage and filesystems, Windows Hyper-V, Windows virtualization and kernel, HTML help, and Windows Server. Im investigating this atm. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Paul > Littlefield via samba > Verzonden: maandag 14 mei 2018 13:14 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Delete machine account from AD to fix The > trust relationship > > Hello Samba List, > > I have a desktop with a clean full install of Windows 10 Pro 1709. > > I have an entry in the Samba 4.7 AD for the machine account > (from when it was Windows 7 Pro). > > Windows 10 appears to join the Domain successfully. > > When I try to log in with the DOMAIN\Administrator account I > get the Windows error:- > > "The security database on the server does not have a computer > account for this workstation trust relationship." > > Do I try the Windows 10 PowerShell > Reset-ComputerMachinePassword fix or delete the Machine > account from the Samba 4.7 AD? > > If it's the latter, how do I do that? > > $ samba-tool user delete XXXXX > > Thanks in advance. > > Paul > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Paul Littlefield
2018-May-14 14:23 UTC
[Samba] Delete machine account from AD to fix The trust relationship
On 14/05/18 13:51, L.P.H. van Belle via samba wrote:> With RSAT tools, check if everything is removed of the PC from the domain.Yes, that worked. However, it would be nice for someone to chirp in the command line for removing a machine trust account with samba-tool?
L.P.H. van Belle
2018-May-14 14:46 UTC
[Samba] Delete machine account from AD to fix The trust relationship
Hai, Thanks for the reply. For the fix, i believe, there is work in progress for that as far i've seen. But i think Rowland knows this better. An other other options is rejoin again, but often only works if the "computer" password was expired and not updated. Then an simple rejoin works also. If this happens, ( i had this about 3 times ). 1) try a simple rejoin from windows - computer properties, change network ( where the domain name is) 2) if 1 fails, try with only removing the computer objects from the AD DB. 3) if 1 and 2 fails, clean up dns and ad, then rejoin. There is one more option, but that can messup you ADDB, so im not posting that. :-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Paul > Littlefield via samba > Verzonden: maandag 14 mei 2018 16:23 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Delete machine account from AD to fix > The trust relationship > > On 14/05/18 13:51, L.P.H. van Belle via samba wrote: > > With RSAT tools, check if everything is removed of the PC > from the domain. > > Yes, that worked. > > However, it would be nice for someone to chirp in the command > line for removing a machine trust account with samba-tool? > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >