We have a pool of thirty desktops where desktops gets deleted on power off. When desktops get spun up and become available, some don't allow users to log in . This is the error they get on the Windows 7 login screen after they enter their credentials: "The security database on the server does not have a computer account for this workstation trust relationship." If I log into the desktop locally (via console), I see the event ID 3210 which says: This computer could not authenticate with <DOMAINCONTROLLERNAME>, a Windows domain controller for domain <DOMAINNAME>, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same networking using the same name or the password for this computer account is not recognized. On the authenticating domain controller I see an event ID of 5722: The session setup from the computer <COMPUTERNAME> failed to authenticate. The name of the account referenced in the security database is <COMPUTERNAME>$. The following error occured: Access denied. According to this MS KB article (https://support.microsoft.com/en-us/help/810977/event-id-5722-is-logged-on-your-windows-server-based-domain-controller), this can can occur if 1) An admin resets a computer account by using ADUC or another tool (which is not the case here) or 2) A new computer is joined to the domain using a name that already exists in the domain (which may be the case). I don't see any duplicate names anywhere: AD, DNS, DHCP, View Admin.
As a test, I disabled provisioning on the pool, deleted the desktops, and made sure that all AD computer objects, DHCP leases, DNS record, and Horizon Admin desktop entries were deleted. I also chose a naming scheme I have never used to avoid inconsistent View/Composer databases. I re-enabled provisioning and all desktops were provisioned with no problem. I performed this same run three times. On the third time, two desktops came up with the error above. I have verified that these problem desktops have an AD computer object and DNS record.
Has anyone ran into this problem?
-VMware Horizon View: 7.5.1
-vSphere: 6.5 U1
-Desktop OS: Windows 7 Ent SP1
-Forest level: Server 2008 (we have one Server 2016 DCs and some Server 2012 and 2008 DCs).