Domain Controller failed test Machineaccount
While you run a DCDIAG command on Domain Controller which failed with bellow error, will discuss how to find the issue and solution to fix the issue
Starting test: MachineAccount
* DC Name is not a server trust account
* DC Name is not trusted for account delegation
……………………. DC Name failed test MachineAccount
Issue may be with DNS, Computer Account, and Duplicate SPN registration, troubleshoot one by one to find the root cause
Computer Account: Check if any duplicate Domain Controller computer accounts with same name are present on your Domain/Forest, yes shouldn’t be any computer object with the same on your entire Forest, so check your entire child Domains with in the Forest
In my case, I found the Domain Controller computer object with same name in different Domain, have deleted the duplicate computer accounts to resolve the issue
DNS: Check if any issue with the DNS registration on host record and other SRV record, also the assigned primary ans secondary DNS servers are operational and reachable from the affected server
SPN Registration: Check if any duplicate service principal name in active directory, sometime the same name might be registered with other Computer in a Domain
Also verify the Domain Controller computer account trust relationship by net view or net use command, how to find check here
I have resolved the issue by deleting the duplicate Domain Controller computer object from different Domain, you may find different solution for the same issue, hope this will help you to fix the issue
Related posts:
AD Slow Authentication and prompting for credentials again and again
Active directory Troubleshooting (Part1 – Diagnostics Logging)
Replsummary showing unknown for largest delta on AD replication checks
Windows Server 2012 Active Directory Trust Relationship Problem
Planning safe Decommission of Domain Controller (Decommission of Active Directory site) Without Impacting Users
