-
Title
"Security database on the server does not have an account for this workstation trust relationship." -
Description
After performing a "MOVE" task using Migration Manager's - "Resource Updating Manager" and completing a reboot, the computer workstation is unable to logon to the new domain.
This occurs even though the "move" log states the workstation computer has moved successfully and the new computer object can be located in the target Active Directory.
The error displayed is - Security database on the server does not have a computer account for this workstation trust relationship.
-
Cause
The new target domain workstation may be attempting to logon to the source domain controller as a result of obtaining source network settings from the source DHCP/DNS design.
Once a computer has been moved to a target domain it acquires an IP, as per usual. However, the request is returned from the source domain's DHCP server, which also serves other network information such as DNS locations. That associated information will cause the computer to call on the source DNS server for logon information.
The results are improper queries sent form the workstation computer to an unconfigured or wrong DNS server for a target domain. Once the workstation computer reaches the wrong domain controller, in the source, the error is generated.
-
Resolution
The designed resolution is left for the administrator of the environment.
Generally, a proper network configuration of DHCP/DNS servers are required for the target domain. A workstation will broadcast for an DHCP server on its network segment. Ensure your DHCP server(s) are configured for target domain requests from any "moved" workstations. The same holds true for DNS server(s). Ensure they are configured for target domain as well as source domain.
Once configured properly and the target workstation computer can find the target Domain Controller, the situation will resolve.