How to Fix: VM Can't Connect to Windows Server (No Trust Relationship)

Dennis Faas's picture

Infopackets Reader Jeff L. writes:

" Dear Dennis,

I have a Windows 7 machine I'm trying to virtualize, which is connected to a Windows Server 2012 network. The issue I'm having is that the newly created virtual machine works fine after it's been virtualized but later it won't work. Whenever I try and login to the network, I receive an error message 'The security database on the server does not have a computer account for this workstation trust relationship.' I am using VMWare Workstation as the hypervisor. I have tried everything I can think of to fix this but there is absolutely no way for me to login using the virtual machine. I would like to hire you to look into this for me as I am at my wits end! "

My response:

I asked Jeff if he would like me to connect to his machine using my remote desktop support service, and he agreed.

This problem was extremely frustrating to figure out that it took me almost an entire day. There are so many variables involved in a problem like this, being that it is a network, a virtual machine, and a Windows Server issue. Searching for the error message 'The security database on the server does not have a computer account for this workstation trust relationship.' on Google brought up many articles, but few that had anything to do with the environment we were working with.

With that said I'll go through this problem using a step-by-step approach, in case anyone else reading this is pulling out their hair trying to resolve this!

How to Fix: VM Can't Connect to Windows Server (No Trust Relationship)

  1. The first thing you will want to do is to ensure that the virtual machine network is in fact working and you can ping the Windows Server (and vice versa). Trying to test this however brings a 'double edged sword' problem. The issue is that you can't test the network without logging into to the desktop, and you can't login to the desktop because the error 'The security database on the server does not have a computer account for this workstation trust relationship.' keeps appearing, effectively locking you out.

    To get around this, temporarily disable the network adapter on the virtual machine. Doing so will allow you to login to the Windows Server domain; once you're in, you can enable the network adapter again, ping the server, then go to the server and ping the virtual machine to ensure traffic is flowing both ways. For what it's worth, I always use "Bridged Networking" when using a virtual machine and VMWare Workstation as this connects directly to the physical network.

    IMPORTANT
    : once you're at the desktop, you will want to name your virtual machine appropriately so it is not conflicting the the machine you just virtualized - otherwise Active Directory will get confused and lock you out of the network. To do so: click Start, then right click "My Computer" or "This PC", then click the link for "Advanced System Settings". The "System Properties" window will appear; click the "Computer Name" tab, then click the "Change..." button and make sure the name is unique for that computer. For example, if the machine you virtualized was called "Bob-P4" then you will want to name the virtual machine as "Bob-P4-VM", for example. Apply the changes; you will most likely need to reboot the virtual machine at this point - but before you do that, check Step #2, first.
     
  2. Another problem I've come across when it comes to networking is the use of "Home", "Work", and "Public" networks in Windows 7, 8 and 10. If the virtual machine's network is set as "Public", this can royally screw things up. In this case, Windows thinks your computer is connected to a WiFi hot spot (or similar), which then firewalls legitimate traffic, causing issues. To get around this, make sure that the virtual machine network is set as "Home" or "Work" and not "Public". To verify this, right click on your network adapter (near the clock), then choose "Open Network and Sharing Center". The Network and Sharing Center will appear and will say whether or not your adapter is connected to a "Public" or "Private" network. Refer to this article if you need to change the network from Public to Private (for Windows 7, 8 or 10).
     
  3. Now it's time to ensure there are no duplicate organizational units (OUs) within Active Directory, which can prevent the virtual machine from logging in. To do so: login to the Windows Server, then click Start -> Administrative Tools -> Active Directory Users and Computers. Here you will see a list of organizational units (OUs) of the existing machines connected to the domain controller. Delete any objects related to the virtual machine you created - including both the physical machine and the virtualized machine. For example: if the machine you virtualized was named "Bob-P4" and you also see "Bob-P4-VM", delete them both. This effectively resets Active Directory for BOTH machines (the physical one as well as the virtualized one), which were most likely butting heads on the network and preventing you from logging in.
     
  4. At this point you should be ready to re-connect the virtual machine to the domain controller. Login to the virtual machine if you are not already - you may need to disable the network temporarily as I mentioned in Step #1. Once you are at the desktop, re-enable the network.

    Next, click Start, then right click "My Computer" or "This PC", then click the link for "Advanced System Settings". The "System Properties" window will appear; click the "Computer Name" tab, then click the "Network ID..." button. This will start the "Join a Network or Domain" wizard. Click the option for "This computer is part of a business network; I use it to connect to other computers at work", then click "Next". On the following screen choose "My computer uses a network with a domain", then click "Next". Windows will tell you it needs some information, etc - click "Next", then enter in your user name, password, and domain to connect to. Click "Next" when finished.

Windows should now connect you directly to the domain controller and you should be able to log out, then log back in to the network without any issues.

I hope that helps!

Additional 1-on-1 Support: From Dennis

If all of this is over your head, or if you're still having issues with the error message:  'The security database on the server does not have a computer account for this workstation trust relationship.' - I can help using my remote desktop support service. Simply contact me, briefly describing the issue and I will get back to you as soon as possible.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 5 (2 votes)