User cannot log in

trb48 · ‎08-19-2011

When our virtual desktops are being created the user gets the following error when they log in:

"The security database on the server does not have a computer account for this workstation trust relationship."

or

We have received the same error but with a SAM database addition.

And if we look in the Domain Controller logs we see this:

"The session setup from the computer ComputerName failed to authenticate. The name(s) of the account(s) referenced in the security database is ComputerName. The following error occurred:

Access is denied."

Our primary Domain Controller is a Windows 2008 R2 server and our other domain controller is Windows 2003. I can't figure out what is wrong and our users cannot login after the machine is created.

-trb48

Linjo · ‎08-19-2011

How do you customize your machines?

Quickprep or sysprep?

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".

trb48 · ‎08-19-2011

After I complete installing and setting up the virtual desktop I use sysprep to copy the user profile to the default profile. After that I let View do its thing. Here is the sysprep script I use to copy the profile:

<?xml version="1.0" encoding="utf-8"?>

<RegisteredOrganization>College</RegisteredOrganization>

<RegisteredOwner>Business College</RegisteredOwner>

<TimeZone>Mountain Standard Time</TimeZone>

</component>

<Password>password</Password>

<Username>image</Username>

</Credentials>

</Identification>

</component>

</settings>

</component>

<OOBE>

</OOBE>

<RegisteredOrganization>Business College</RegisteredOrganization>

<TimeZone>Mountain Standard Time</TimeZone>

<Value>password</Value>

</Password>

<Description>Test account</Description>

<DisplayName>Test Account</DisplayName>

<Group>Administrators</Group>

<Name>ldsbc2</Name>

</LocalAccount>

</LocalAccounts>

<Domain>ldsbc</Domain>

<Group>Administrators</Group>

<Name>Domain Users</Name>

</DomainAccount>

</DomainAccountList>

</DomainAccounts>

</UserAccounts>

</component>

</settings>

<cpi:offlineImage cpi:source="catalog://bc-abner/express/classroom-windows7/operating systems/windows 7 x86/sources/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />

</unattend>

Could the way I am syspreping the virtual desktop be causing the problem?

trb48 · ‎08-31-2011

I cut out all of the extra stuff from my sysprep config file and we are still having the same problem. Here is the actual SAM error I mentioned above:

The SAM database on the Windows server does not have a computer account for this workstation trust relationship.

If you go into the domain controler and reset the computer and login the error changes:

The security database on the server does not have a computer account for this workstation trust relationship.

I found online that if you open ADSIEDIT.MSC on the domain controller and navigate to the computer you will see that an entry is missing. Once you find the computer right click and go to properties. After that look for the "servicePrincipalName" setting. In this case it is empty. On a good and working computer this is populated with several different settings.

I am not sure what is going on...Any help at all would be appreciated.

trb48 · ‎08-31-2011

I just checked my settings inside View and I realized something. Before I take a snapshot of the virtual desktop I run sysprep. After that I add it into my pool. Then quickprep runs. I wonder if the double sysprep is cauing the problems.

All

User cannot log in