I have this strange problem affecting only one workstation (Windows 7 SP1, 32-bit). I joined the workstation to the domain, which seemed to go successfully (ended with the dialog box saying "Welcome to the yourdomain.com domain"). Then I rebooted the workstation and discovered that I can't log in with any domain user account. Login attempts fail with the error message "The security database on the server does not have a computer account for this workstation trust relationship".
I verified that the object for this workstation had been created under .Computers.TLV (TLV being the O under which our DSfW domain is mapped). I tried the entire process several times - took the computer out of the domain, deleted the object under .Computers.TLV and re-joined the computer to the domain, but the end result was similar each time.
During the failed login attempts, the following is recorded in /var/log/messages on the server:
Oct 24 15:31:28 saturn xadsd: [SAMSS] SamrOpenDomain: Failed to open domain with SID S-1-5-21-1126974413-184568710-299800771: No such object
Oct 24 15:31:28 saturn xadsd: [NETLOGON] Trying to find a domain controller in local site: Default-First-Site-Name
Oct 24 15:31:31 saturn xadsd: [SAMSS] SamrEnumerateDomainsInSamServer: could not parse domain : No such attribute
Oct 24 15:31:31 saturn xadsd: [SAMSS] SamrLookupDomainInSamServer: could not find domain TLV: No such attribute
Oct 24 15:31:32 saturn xadsd: [NETLOGON] Workstation ASPERPC04 failed to authenticate: 0xc0000022
Oct 24 15:31:32 saturn xadsd: [NETLOGON] ASPERPC04$ opened secure channel
All but the first message in this snippet seem to be "normal" - I looked through several days of logs, and these messages are often repeated for various workstations, with no visible ill effects to the functioning of the domain. But the first message ("Failed to open domain with SID...") is unique to this situation - it only occurs when attempting to log in from this workstation.
The only other thread I could find about this message was about time not being in sync between workstation and server, but I made sure this is not the case - before joining the workstation to the domain I set the workstation's time server address to the IP of the server and synced the time manually in Control Panel.
As I said, the problem only affects one workstation. What makes this workstation "special" is that it is at a remote site and connects to the DSfW servers in our internal network via VPN - but this is not the first such workstation; we have ca. 10 similar workstations at various remote sites with identical VPN setup that are all working successfully.
The DSfW servers in our tree are OES2 SP2 - unfortunately I haven't yet had time to upgrade them to an officially supported version. I have verified the functionality of DSfW services according to TID7001884 and everything checks out.
Any ideas how to troubleshoot this further?