so we have this users that apparently dont like administrators on their machines so somehow they disabled our ability to log in. i was able to figure out a way to actually log in to the machine its self but still cant add users to the administrators accounts. this is the message i get while trying to log into their machines after adding me: "The security database on the server does not have a computer account for this workstation trust relationship." any idea how to undo this on the end user machine?

It sounds like the computer accounts in AD are missing or corrupt.

It sounds like the computer accounts in AD are missing or corrupt.

It sounds like the computer accounts in AD are missing or corrupt.

hmmm. i double checked and the accounts are there. i can use those accounts to log into other machines but for some reason these guys are able to mess things up. we recently changed the way we are doing permissions. everyone was an administrator on their own machine an i know that this is what was allowing them to change security settings somewhere. im just wondering where they were able to change it.

hmmm. i double checked and the accounts are there. i can use those accounts to log into other machines but for some reason these guys are able to mess things up. we recently changed the way we are doing permissions. everyone was an administrator on their own machine an i know that this is what was allowing them to change security settings somewhere. im just wondering where they were able to change it.

Hi, The cause: The DCs Service Principle Name (SPN) has been duplicated and now exists as an attribute on both the DC as well as some other user or computer. Resolution: Locate the duplicate SPN and remove it. This value can be found with SETSPN.EXE or LDIFDE.EXE. In this example the duplicate name is "2008r2spn-02" setspn.exe -x setspn.exe -q 2008r2spn-02* ldifde.exe -f spn.txt -d -l serviceprincipalname -r "(serviceprincipalname=*2008r2spn-02*)" -p subtree Meanwhile, as this forum focuses on Windows Vista specific issues, this inquiry would best be posted to Windows Sever forum: http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding. Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, The cause: The DCs Service Principle Name (SPN) has been duplicated and now exists as an attribute on both the DC as well as some other user or computer. Resolution: Locate the duplicate SPN and remove it. This value can be found with SETSPN.EXE or LDIFDE.EXE. In this example the duplicate name is "2008r2spn-02" setspn.exe -x setspn.exe -q 2008r2spn-02* ldifde.exe -f spn.txt -d -l serviceprincipalname -r "(serviceprincipalname=*2008r2spn-02*)" -p subtree Meanwhile, as this forum focuses on Windows Vista specific issues, this inquiry would best be posted to Windows Sever forum: http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding. Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, The cause: The DCs Service Principle Name (SPN) has been duplicated and now exists as an attribute on both the DC as well as some other user or computer. Resolution: Locate the duplicate SPN and remove it. This value can be found with SETSPN.EXE or LDIFDE.EXE. In this example the duplicate name is "2008r2spn-02" setspn.exe -x setspn.exe -q 2008r2spn-02* ldifde.exe -f spn.txt -d -l serviceprincipalname -r "(serviceprincipalname=*2008r2spn-02*)" -p subtree Meanwhile, as this forum focuses on Windows Vista specific issues, this inquiry would best be posted to Windows Sever forum: http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding. Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.