Environment:
- 4x Windows Server 2012 R2 with role RD Session Host
- 1x Windows Server 2012 R2 with roles RD Gateway, RD Broker, RD Web Access
- Different Domains
Problem:
All servers with RD roles are located in Domain A (sub.domain.local).
Users in Domain B have computer accounts in Domain A. They use RemoteApp and connect with their Domain A user accounts.
Now the user's password has expired and the user is asked to change it. This results in the following error:
"The security database on the server does not have a computer account for this workstation trust relationship".
If the user logs on to RDS directly instead of using RemoteApp and/or uses the RD Web Access, everything works fine!
On the web you will find "solutions" like re-joining the server to the domain.
I'm scared that this won't have any impact on the installed roles!?! I don't trust those "solutions"... the rest of the RDS infrastructure is working fine...
Currently checked:
- DNS Suffix: Isn't set by GPO or manually
- SPN: As far as I know, everything looks good (see details below)
- Logon test as SUB\user, sub.domain.local\user, user@sub.domain.local
dn: CN=Server-BROKER,OU=Servers,OU=Server,OU=Germany,DC=sub,DC=domain,DC=local
changetype: add
servicePrincipalName: TERMSRV/Server-BROKER
servicePrincipalName: TERMSRV/Server-broker.sub.domain.local
servicePrincipalName: WSMAN/Server-broker
servicePrincipalName: WSMAN/Server-broker.sub.domain.local
servicePrincipalName: RestrictedKrbHost/Server-BROKER
servicePrincipalName: HOST/Server-BROKER
servicePrincipalName: RestrictedKrbHost/Server-broker.sub.domain.local
servicePrincipalName: HOST/Server-broker.sub.domain.local
Let me know if somebody can help.
Thanks in advance,
Stefan