Your account has expired. Please see your system administrator.
* Note: this refers to the computer account.
The security database on the server does not have a computer account for this workstation trust relationship.
From Microsoft
Log on locally as a local administrator. In the Network tool of Control Panel, select Change and enter a Workgroup name, leaving the domain. Restart the computer and log on locally as a local administrator. There are two methods to rejoin the domain:
These are the possible causes of the "account has expired" error:
01 – Date/Time is set incorrectly
02 – Missing domain suffix – possibly from a failed GPO or DHCP server
03 – SPN may not be updating correctly
04 – Duplicate SPN on the DC – http://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx
05 – Computer account conflict/corrupted – disjoin/rejoin
06 – There is a user domainName\MachineName in the local Administrators group; remove it from the Administrators group
07 – A Windows update failed
* Simplest fixes: check time and/or disjoin/rejoin machine to domain
Try this out on a domain controller (DC/AD server):
ldifde -f C:\SPNs.txt -t 3268 -d "dc=domain,dc=com" -l serviceprincipalname -r "(serviceprincipalname=*)" -p subtree
In the above command, replace DC=domain,DC=com with the DN of the domain. The export to C:\SPNs.txt lets you check whether a duplicate SPN is present.
The issue could be a duplicate HOST entry, or another entry for the server, registered on a service account.
OR
A) Start > Run > ADSIEDIT.MSC
B) Go to Domain Partition and mark the affected computer
C) Right-click and select Properties.
D) Double-click ServicePrincipalName
E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.
Reference
http://technet.microsoft.com/en-us/library/cc957199.aspx
http://technet.microsoft.com/en-us/library/ee849847(v=ws.10).aspx