Error: The security database on the server does not have a computer account for this workstation trust relationship

Question

Every few days, I get the following error when trying to log in:

The security database on the server does not have a computer account for this workstation trust relationship.

Each time it happens, I disjoin/rejoin the domain to buy myself a few more days. I have tried many attempts to find a solution including, but not limited to: 

• Verifying time is synced between the machine and DC
• Verifying there's no duplicate Service Principal Names (SPNs)
• Solving the gpupdate failure issue
• Resetting the machine account in the DC
• Resetting the machine account "password" using netdom in cmd
• Deleting/manually adding the machine from the Organizational Unit (OU) list in the DC
• Flushing/registering the DNS on the machine
• Attempting an online solution that involved adsiedit.msc

This is occurring on a virtual machine (VM) running Windows Server 2016 Standard. No other VMs are having this issue. Additionally, whenever this error occurs, Event Viewer creates an Audit Failure event where the Security ID is "NULL SID" and the Failure Status is "0xC000018B". I haven't found any useful information online in using this error status code to help me solve the issue.

Any help would be appreciated.

Answer 1

Hi Justin Voo,

Thank you for posting in the Microsoft Community Forums.

I. Error causes and common solutions

Computer account problem:

Ensure that the computer account is properly registered in Active Directory (AD) and has not been accidentally deleted or disabled.

Check if the computer name matches the name registered in AD. If it does not match, you need to change the computer name or update the record in AD.

Time synchronization issues:

Verify that the time is synchronized between the virtual machine (VM) and the domain controller (DC). Unsynchronized time may cause Kerberos authentication to fail.

Service Principal Name (SPN) conflicts:

Use the setspn -L <AccountName> command to check for duplicate SPNs. if there are any, you need to remove the duplicate SPNs.

DNS issues:

Ensure that DNS is correctly resolving the names of domain controllers and virtual machines.

Try flushing the DNS cache on the virtual machine using the ipconfig /flushdns command.

Group Policy Update Issues:

Run the gpupdate /force command to ensure that Group Policy settings are updated.

Computer account password issues:

Use the netdom resetpwd /server:<DCName> /userd:<ComputerName> /reset-password:* command on the domain controller to reset the computer account password.

II. Suggestions for your specific situation

Examine the detailed error messages in the Event Viewer:

Analyze the audit failure events in the Event Viewer in depth, especially the entries with security ID “NULL SID” and failure status “0xC000018B”.These events may contain more detailed information about the cause of the error.

Consider virtual machine-specific configuration issues:

Since the problem occurs only on a specific virtual machine, check the configuration specific to that virtual machine, such as network adapter settings, firewall rules, and so on.

Ensure that the virtual machine is able to access the domain controller and DNS server properly.

Contact your system administrator or technical support:

If you have tried all of the above steps and the problem persists, contact your system administrator or technical support team. They may need to check the AD configuration, network settings, or VM configuration in more depth.

Consider using a specialized diagnostic tool:

Use a network diagnostic tool such as Microsoft's Network Monitor or Wireshark to capture and analyze network traffic.

Use Microsoft's Active Directory diagnostic tools such as ADSI Edit and LDP.exe to check AD configuration and status.

Best regards

Neuvi