Did something stupid, was there a simple way to fix it?

bremen1874

bremen1874

bremen1874

Soldato
Joined
20 Oct 2008
Posts
12,082
For various reasons I’ve got SBS 2011 running at home.

I decided to have a play with FreeNAS on a spare machine. When I tried configuring the AD authentication I made the mistake of entering the DC’s name instead of the name of the FreeNAS server. As best I can tell this managed to create a duplicate SPN which clobbered the server quite well. Any attempt to login into the server was giving me a ‘The security database on the server does not have a computer account for this workstation trust relationship’ error.

Every suggested option I found to fix the problem relied on being able to actually login into the server, which I couldn't (it’s the only DC).

I’ve now restored from a backup, but was there an alternative way to fix the problem I missed?
 
bremen1874 said:
For various reasons I’ve got SBS 2011 running at home.

I decided to have a play with FreeNAS on a spare machine. When I tried configuring the AD authentication I made the mistake of entering the DC’s name instead of the name of the FreeNAS server. As best I can tell this managed to create a duplicate SPN which clobbered the server quite well. Any attempt to login into the server was giving me a ‘The security database on the server does not have a computer account for this workstation trust relationship’ error.

Every suggested option I found to fix the problem relied on being able to actually login into the server, which I couldn't (it’s the only DC).

I’ve now restored from a backup, but was there an alternative way to fix the problem I missed?
Click to expand...
I'm not quite sure what you did but if it was just a case of deleting an SPN you should be able to do that from any client in the domain. Whether the clobbered server would let you do that is another matter.
 
burns said:
I'm not quite sure what you did but if it was just a case of deleting an SPN you should be able to do that from any client in the domain. Whether the clobbered server would let you do that is another matter.
Click to expand...

Deleting the duplicate SPN wouldn't have been a problem if it had been any other machine. In this case I'm pretty sure that the duplicate was the DC. I never managed to get access to the server to be able to check.

When I have the spare time I'll have to setup a test environment and see if I can replicate the problem.
 
You must log in or register to reply here.
Back
Top Bottom