serviceprincipalname attribute problem, not able to log on locally or remotely

  • serviceprincipalname attribute problem, not able to log on locally or remotely

    My network is very small and we currently have a single Windows Server 2008 machine running as our DC. I made a few changes today and after doing so, I am no longer able to log in to the DC either remotely or locally. I get this error:

    "The security database on the server does not have a computer account for this workstation trust relationship".

    As far as I know, I did not remove the server from Users and Computers.

    The two things I did were to enable NTP (following these instructions verbatim) and I generated a keytab with ktpass.exe, which I'm fairly certain I did wrong... and I believe may be the source of my troubles.

    Based on what I've read on some websites, the error I'm getting can be caused when the servicePrincipalName attribute is incorrect, and I can resolve it using dsa.msc or adsi.msc. Unfortunately, I'm unable to access that snap-in because I cannot log in.

    A few things:

    1. I am able to log in to the server locally in Directory Services Restore Mode.

    2. There are no other domain controllers on the domain.

    3. I want the solution to have the absolute minimal impact possible on my users (this is most likely a given though).

    4. I can log in to Safe Mode without a problem, and while Active Directory services appear to be running, I cannot access the domain through ADSI Edit.

    So, all of that said, I believe I know the solution to my problem...however I do not know how to access the server in such a way to allow me to implement the solution.

    Any ideas, suggestions, or thoughts would be VERY helpful.