• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • UC Berkeley
  • Berkeley Engineering
  • EECS

Header Search Widget

IRIS

Instructional & Research Information Systems

  • About Us
  • Get Started
  • Get Help
  • FAQ
    • FAQ: Accounts
    • FAQ: EECS Slack
    • FAQ: File Storage
    • FAQ: Hardware
    • FAQ: MacOS
    • FAQ: Mail
    • FAQ: Mailing Lists
    • FAQ: Network
    • FAQ: Security
    • FAQ: Unix
    • FAQ: Web
    • FAQ: Windows
  • Services
    • Accounts
    • Backups
    • E-mail
    • EECS Login Servers
    • File Storage
    • Infrastructure
    • Mailing Lists
    • Network
    • Printing
    • Room Reservations
    • Security
    • Software
    • Unix
    • Web
  • Policies
  • Forms
    • System Registration/Update
    • Account Request Form
    • Network Problem Report
    • SSL Certificate Request
    • All Other Forms
  • Rates

Microsoft patches affecting some domain clients

June 11, 2015 by Lars Rohrbach

We have received multiple reports of people having trouble logging into EECS-domain Windows machines this morning, following application of the most recent Microsoft patches. Clients receive a message indicating: “The security database on the server does not have a computer account for this workstation trust relationship.”

Re-joining the EECS domain fixes this, but a simpler solution is also reported to work: * Unplug your ethernet connection (wireless users may have a physical switch to disable wireless).
* Login with your EECS account as normal (it will used cached credentials).
* Reconnect ethernet cable (or enable wireless).
* Logout, and then test that you can successfully login normally (while connected) again.

UPDATE

[2015-06-12 15:49:33 | Lars Rohrbach]

If you haven’t already patched and rebooted your Windows devices following installation of the June Microsoft patches, we recommend waiting — and working with your system administrator to plan for dealing with this NETLOGON error, just in case it affects your machine.

System administrators will want to make sure that a local account with administrative privilege is available, so that one can use it to login and re-join the EECS domain if necessary.


UPDATE

[2015-06-17 10:30:51 | Lars Rohrbach]

We believe the NETLOGON problem that affected some EECS domain clients is now resolved. If you haven’t already patched and rebooted, you should proceed with routine patching.

The problem appears to stem from a mismatch between two computer object attributes in Active Directory which are typically set by the client machine: dNSHostName and servicePrincipalName. Machines that exhibited the NETLOGON failure had a dNSHostName that includes the domain suffix (e.g. “MYHOSTNAME.eecs.berkeley.edu”) but had values in servicePrincipalName that did not (e.g. “RestrictedKrbHost/MYHOSTNAME”); adding a matching servicePrincipalName (“RestrictedKrbHost/MYHOSTNAME.eecs.berkeley.edu”) allowed logins to work normally again.

We have made this adjustment for all relevant computer objects in the EECS domain. Note that there are still valid reasons to receive the original error message, such as not being online or having the computer account removed from Active Directory. If you do still have any trouble logging in, feel free to email help@eecs.

Filed Under: News

Primary Sidebar

IRIS Service Status

Green
We have 0 Active Incidents, and 0 Scheduled Maintenances noted.

IST Service Status

Outages to campus services are listed at berkeley.statusdashboard.com.

Recent Highlights

IRIS to begin syncing names from CalNet

March 9, 2023 by Lars Rohrbach

Upcoming Change to EECS Firewall Handling of SSH

September 22, 2022 by Lars Rohrbach

  • About
  • Contact
  • PRIVACY
  • ACCESSIBILITY
  • NONDISCRIMINATION

© 2022–2023 UC Regents  |  Log in