This problems exists in the below Environment
ForestA, has been around awhile, has one domain Called DomainQ
ForestC, is new, has one domain called DomainR
ForestC has a one way transitive trust to ForestA and shares a namespace. Dns connectivity is in place, NTP is working correctly where ForestC pulls its time from ForestA and users in ForestA have been permissioned on devices in ForestC.
Below is the netlogon dump and log files that look relevant, it's odd because I get a successfully logged on message but the users is prompted with "The security database on the server does not have a computer account for this workstation trust relationship" and when the click on they are back at the logon prompt. Nothing related to that error message that I have tried has helped.
http://technet.microsoft.com/en-us/library/ee849847%28WS.10%29.aspx
The above was not any help as this is a one way transitive forest trust so the trust level is already 2. The other 5 suggested links were also not useful.
07/18 12:18:29 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Returns 0x0
07/18 12:18:33 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Entered
07/18 12:18:33 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Returns 0x0
07/18 12:18:33 [MISC] [556] DsGetDcName function called: client PID=1636, Dom:DomainQInForestA Acct:(null) Flags: RET_DNS
07/18 12:18:33 [MISC] [556] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:18:33 [MAILSLOT] [556] NetpDcPingListIp: DomainQInForestA.My.Forest.Name: Sent UDP ping to IPv6AddressUniquetoDCinDOmainQ
07/18 12:18:33 [MISC] [556] NetpDcAllocateCacheEntry: new entry 0x000000D29F24EB50 -> DC:DCinDomainQ DnsDomName:DomainQInForestA.My.Forest.Name Flags:0x71fc
07/18 12:18:33 [MISC] [556] NetpDcGetName: NetpDcGetNameIp returned 0
07/18 12:18:33 [MISC] [556] DsGetDcName: results as follows: DCName:\\DCinDomainQ.DomainQInForestA.My.Forest.Name DCAddress:\\IPv6AddressUniquetoDCinDOmainQ DCAddrType:0x1 DomainName:DomainQInForestA.My.Forest.Name DnsForestName:My.Forest.Name Flags:0xe00071fc DcSiteName:SiteInDomainQ ClientSiteName:SiteInDomainQOfClients
07/18 12:18:33 [MISC] [556] DsGetDcName function returns 0 (client PID=1636): Dom:DomainQInForestA Acct:(null) Flags: RET_DNS
07/18 12:18:33 [MISC] [2800] DsGetDcName function called: client PID=4, Dom:DomainRinForestC.SpecialProject.My.Forest.Name Acct:(null) Flags: IP KDC
07/18 12:18:33 [MISC] [2800] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:18:33 [MISC] [2800] NetpDcGetName: DomainRinForestC.SpecialProject.My.Forest.Name using cached information ( NlDcCacheEntry = 0x000000D29F269FC0 )
07/18 12:18:33 [MISC] [2800] DsGetDcName: results as follows: DCName:\\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name DCAddress:\\IPv4AddressofDCinDomainRinForestCDCAddrType:0x1 DomainName:DomainRinForestC.SpecialProject.My.Forest.Name DnsForestName:DomainRinForestC.SpecialProject.My.Forest.Name Flags:0xe00071fc DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
07/18 12:18:33 [MISC] [2800] DsGetDcName function returns 0 (client PID=4): Dom:DomainRinForestC.SpecialProject.My.Forest.Name Acct:(null) Flags: IP KDC
07/18 12:18:34 [SESSION] [2912] I_NetLogonGetAuthData called: (null) DomainRinForestC (Flags 0x1)
07/18 12:19:16 [SESSION] [1968] I_NetLogonGetAuthData called: (null) DomainRinForestC (Flags 0x1)
07/18 12:19:29 [MISC] [2912] DsGetDcName function called: client PID=916, Dom:(null) Acct:(null) Flags: DS BACKGROUND
07/18 12:19:29 [MISC] [2912] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:19:29 [MISC] [2912] NetpDcGetName: DomainRinForestC.SpecialProject.My.Forest.Name. using cached information ( NlDcCacheEntry = 0x000000D29F269FC0 )
07/18 12:19:29 [MISC] [2912] DsGetDcName: results as follows: DCName:\\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name DCAddress:\\IPv4AddressofDCinDomainRinForestCDCAddrType:0x1 DomainName:DomainRinForestC.SpecialProject.My.Forest.Name DnsForestName:DomainRinForestC.SpecialProject.My.Forest.Name Flags:0xe00071fc DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
07/18 12:19:29 [MISC] [2912] DsGetDcName function returns 0 (client PID=916): Dom:(null) Acct:(null) Flags: DS BACKGROUND
07/18 12:22:17 [SESSION] [1040] DomainRinForestC: NlTimeoutApiClientSession: Unbind from server \\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name (TCP) 1.
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Impersonation Level: Impersonation
New Logon:
Security ID: DomainQInForestA\UserInDomainQ
Account Name: UserInDomainQ
Account Domain: REDMOND
Logon ID: 0x81D94
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: UsersDesktopInDomainQ
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128
ForestA, has been around awhile, has one domain Called DomainQ
ForestC, is new, has one domain called DomainR
ForestC has a one way transitive trust to ForestA and shares a namespace. Dns connectivity is in place, NTP is working correctly where ForestC pulls its time from ForestA and users in ForestA have been permissioned on devices in ForestC.
Below is the netlogon dump and log files that look relevant, it's odd because I get a successfully logged on message but the users is prompted with "The security database on the server does not have a computer account for this workstation trust relationship" and when the click on they are back at the logon prompt. Nothing related to that error message that I have tried has helped.
http://technet.microsoft.com/en-us/library/ee849847%28WS.10%29.aspx
The above was not any help as this is a one way transitive forest trust so the trust level is already 2. The other 5 suggested links were also not useful.
07/18 12:18:29 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Returns 0x0
07/18 12:18:33 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Entered
07/18 12:18:33 [LOGON] [556] SamLogon: Network logon of DomainQInForestA\UserInDomainQ from UsersDesktopInDomainQ Returns 0x0
07/18 12:18:33 [MISC] [556] DsGetDcName function called: client PID=1636, Dom:DomainQInForestA Acct:(null) Flags: RET_DNS
07/18 12:18:33 [MISC] [556] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:18:33 [MAILSLOT] [556] NetpDcPingListIp: DomainQInForestA.My.Forest.Name: Sent UDP ping to IPv6AddressUniquetoDCinDOmainQ
07/18 12:18:33 [MISC] [556] NetpDcAllocateCacheEntry: new entry 0x000000D29F24EB50 -> DC:DCinDomainQ DnsDomName:DomainQInForestA.My.Forest.Name Flags:0x71fc
07/18 12:18:33 [MISC] [556] NetpDcGetName: NetpDcGetNameIp returned 0
07/18 12:18:33 [MISC] [556] DsGetDcName: results as follows: DCName:\\DCinDomainQ.DomainQInForestA.My.Forest.Name DCAddress:\\IPv6AddressUniquetoDCinDOmainQ DCAddrType:0x1 DomainName:DomainQInForestA.My.Forest.Name DnsForestName:My.Forest.Name Flags:0xe00071fc DcSiteName:SiteInDomainQ ClientSiteName:SiteInDomainQOfClients
07/18 12:18:33 [MISC] [556] DsGetDcName function returns 0 (client PID=1636): Dom:DomainQInForestA Acct:(null) Flags: RET_DNS
07/18 12:18:33 [MISC] [2800] DsGetDcName function called: client PID=4, Dom:DomainRinForestC.SpecialProject.My.Forest.Name Acct:(null) Flags: IP KDC
07/18 12:18:33 [MISC] [2800] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:18:33 [MISC] [2800] NetpDcGetName: DomainRinForestC.SpecialProject.My.Forest.Name using cached information ( NlDcCacheEntry = 0x000000D29F269FC0 )
07/18 12:18:33 [MISC] [2800] DsGetDcName: results as follows: DCName:\\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name DCAddress:\\IPv4AddressofDCinDomainRinForestCDCAddrType:0x1 DomainName:DomainRinForestC.SpecialProject.My.Forest.Name DnsForestName:DomainRinForestC.SpecialProject.My.Forest.Name Flags:0xe00071fc DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
07/18 12:18:33 [MISC] [2800] DsGetDcName function returns 0 (client PID=4): Dom:DomainRinForestC.SpecialProject.My.Forest.Name Acct:(null) Flags: IP KDC
07/18 12:18:34 [SESSION] [2912] I_NetLogonGetAuthData called: (null) DomainRinForestC (Flags 0x1)
07/18 12:19:16 [SESSION] [1968] I_NetLogonGetAuthData called: (null) DomainRinForestC (Flags 0x1)
07/18 12:19:29 [MISC] [2912] DsGetDcName function called: client PID=916, Dom:(null) Acct:(null) Flags: DS BACKGROUND
07/18 12:19:29 [MISC] [2912] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c03ffff1
07/18 12:19:29 [MISC] [2912] NetpDcGetName: DomainRinForestC.SpecialProject.My.Forest.Name. using cached information ( NlDcCacheEntry = 0x000000D29F269FC0 )
07/18 12:19:29 [MISC] [2912] DsGetDcName: results as follows: DCName:\\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name DCAddress:\\IPv4AddressofDCinDomainRinForestCDCAddrType:0x1 DomainName:DomainRinForestC.SpecialProject.My.Forest.Name DnsForestName:DomainRinForestC.SpecialProject.My.Forest.Name Flags:0xe00071fc DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
07/18 12:19:29 [MISC] [2912] DsGetDcName function returns 0 (client PID=916): Dom:(null) Acct:(null) Flags: DS BACKGROUND
07/18 12:22:17 [SESSION] [1040] DomainRinForestC: NlTimeoutApiClientSession: Unbind from server \\DCinDomainRinForestC.DomainRinForestC.SpecialProject.My.Forest.Name (TCP) 1.
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Impersonation Level: Impersonation
New Logon:
Security ID: DomainQInForestA\UserInDomainQ
Account Name: UserInDomainQ
Account Domain: REDMOND
Logon ID: 0x81D94
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: UsersDesktopInDomainQ
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128