Hi guys! Im having a major problem here. I have an Exchange 2003 server running Windows Server 2003, within a Windows 2000 domain. Everything has been fine until my boss called me two days ago saying that email wasnt working. I investigated, and two days later, have not made any progress in fixing this issue.
The Exchange Server (ES1), is not able to connect to the Domain Controller (DC1).
From the ES1, when I try to log on to the domain, I get the following message:
Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance.
I am able to log on to the local computer.
From any computer on the network, when I try to access a share on ES1, I get the following message:
\\es1\c$ is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The trust relationship between this workstation and the primary domain failed.
On DC1, the following events are reported:
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5790
Date: 3/29/2006
Time: 1:19:36 AM
User: N/A
Computer: DC1
Description:
The description for Event ID ( 5790 ) in Source ( NETLOGON ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: ES1, Access is denied. .
Data:
0000: 22 00 00 c0 "..À
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5723
Date: 3/29/2006
Time: 1:17:26 AM
User: N/A
Computer: DC1
Description:
The session setup from the computer ES1 failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is ES1$.
Data:
0000: 8b 01 00 c0 ?..À
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10002
Date: 3/29/2006
Time: 1:17:25 AM
User: HDCINC\DC2$
Computer: DC1
Description:
Access denied attempting to launch a DCOM Server. The server is:
{D99E6E74-FC88-11D0-B498-0
0A0C90312F
3}
The user is DC2$/HDCINC, SID=S-1-5-21-861567501-199
3962763-13
43024091-2
106.
On ES1, I have the following errors:
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 46
Date: 3/29/2006
Time: 1:38:01 AM
User: N/A
Computer: ES1
Description:
The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 3/29/2006
Time: 1:37:49 AM
User: NT AUTHORITY\SYSTEM
Computer: ES1
Description:
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 3210
Date: 3/29/2006
Time: 1:37:45 AM
User: N/A
Computer: ES1
Description:
This computer could not authenticate with \\dc2.hdcinc.org, a Windows domain controller for domain HDCINC, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0 "..À
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5721
Date: 3/29/2006
Time: 1:40:50 AM
User: N/A
Computer: ES1
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\dc1.hdcinc.org for the domain HDCINC failed because the Domain Controller did not have an account ES1$ needed to set up the session by this computer ES1.
ADDITIONAL DATA
If this computer is a member of or a Domain Controller in the specified domain, the aforementioned account is a computer account for this computer in the specified domain. Otherwise, the account is an interdomain trust account with the specified domain.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 8b 01 00 c0 ?..À
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 3/29/2006
Time: 1:39:28 AM
User: N/A
Computer: ES1
Description:
The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/29/2006
Time: 1:14:15 AM
User: N/A
Computer: ES1
Description:
The Security System detected an authentication error for the server ldap/hdcinc.org. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0 ^..À
I have tried many things to resolve these issues including:
-using netdom resetpwd to reset the secure channel
-checked out nic settings on ES1, dns server points to DC1
-repeatedly tried removing ES1 from the domain, then readded (sometimes deleting the computer acct in AD, moving it to a new OU, etc.)
-and just a ton of other things. Sorry, very tired now
Until I am able to get this working, the company has no email as the exchange services will not start due to the authentication problem. Please help
