"No computer account for trust" error when you change domain account password in Windows

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials More

This article describes a problem that occurs when you change the domain account password in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7 Service Pack 1 (SP1), Windows Server 2008 R2 SP1, Windows Vista SP2, or Windows Server 2008 SP2. Before you install this update, see the Prerequisites section.

Symptoms


This problem affects operating systems that use the "Windows Kerberos Security Feature Bypass" (related to CVE-2016-0049). After you install security update 3126041, when you try to change your password through an untrusted domain, you may receive an error message that looks something like this:

The security database on the server does not have a computer account for the workstation trust relationship

For example, this problem may occur when you try to change your "domain B" password from a computer that is joined to "domain A", and the trust from "domain A" to "domain B" isn't configured.

Note The password is successfully changed even though you receive the error message.

How to get this update


Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.


Notes
  • To fix this issue for Windows 7 or Windows Server 2008 R2, install security update 3140410.
  • To fix this issue for Windows 8.1, Windows Server 2012 R2, Windows Vista SP2, or Windows Server 2008 SP2, install the update that is described in this article.
  • To fix this issue for Windows Server 2012, install update 3125424.

Method 1: Windows Update

This update is provided as a Recommended update on Windows Update. For more information on how to run Windows Update, see How to get an update through Windows Update.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.



Update detail information


Prerequisites

To install this update, you should first install April 2014, update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) in Windows 8.1 or Windows Server 2012 R2. Or, install Service Pack 2 for Windows Vista and for Windows Server 2008.


Registry information

To apply this update, you don't have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update doesn't replace a previously released update.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology that Microsoft uses to describe software updates.

File Information


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.