We are rolling out a domain controller using UCS and are having some issues that we cannot figure out how to resolve. The issue is: “The security database on the server does not have a computer account for this workstation trust relationship.”
My domain setup is:
Main Controller
Backup DC
Version is 4.1-4 errata353
I installed a clean version of Windows 7 64-bit. I joined the domain 2 times, got a success message and was offered a restart. After the restart I was unable to log in for the first time, and the computer was not added to the domain computer list. I joined the domain for the 3rd time, then the computer was finally added to the domain; however, I was unable to log in again.
In an attempt to debug, I have set a few UCRs:
notifier/debug/level set from 1 to 4
connector/debug/level set from 2 to 4
And went to monitor a few log files.
sudo tail -f /var/log/univention/notifier.log
– did not give me any useful information
sudo tail -f /var/log/univention/listener.log
– showed the process of updating the domain objects.
I started to suspect that the computer is at fault. This helped me a bit: since I get IP settings from a standalone DHCP server, I decided to set the DNS IPs to the Univention servers, and that helped me to log in once, but now I cannot log in; I get the same error on the client about the trust relationship.
I tried looking for info on which logs to monitor, and I was also looking for diagrams of how this process works. I suspect that when I get the error about the trust relationship, the computer itself simply does not communicate with the domain controller, so maybe the issue is with the computer not setting the correct configuration? Because I was unable to see any info or activity on the domain controller. Just FYI, it happens on more than one installation, including fresh installations. Simply re-joining the domain would not help in this case because we keep having this issue all the time and we have yet to migrate nearly 100 clients into the domain.
My questions are:
- what log files should I monitor to debug this error (and what UCRs to set)?
- what is the process of domain join and login?
- why does “trust relationship” happen, what factors influence the computer and server to break trust?
- how can I see any “login” activity from the server side? auth.log was not very informative so far.