Solved

Windows NT/2000 Domain Computer Account problems. Secure channels?

Posted on 2003-12-09
16
56,301 Views
Last Modified: 2013-12-19
Hi all,
I have a Windows 2000 server which was running fine until a UPS problem this morning caused it to cut out. When it finished booting back up 5-10 minutes later, ALL of my Windows NT workstations started giving the error "The system could not log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect" when anyone tries to log on. The WinXP stations are fine.

I have tried..

Restoring the C drive plus system state from backups (I tried both last night's and a two week old backup. Though before it died, the server hadn't been rebooted in 3 months so who knows what setting might have changed that didn't take effect until today's reboot).

Making a workstation leave the domain, reboot, rejoin the domain, reboot again. Same error.

netdom query /domain:[domain] /reset /workstation - Goes through each station reporting "The trust relationship between this workstation and the primary domain failed." That's the Win2000 version on the server

netdom member [workstation] /joindomain - This is the NT4 netdom. On the Win2k server it reports that the RPC server in unavailable on the workstation. When tried on the workstation, it appears to work but after rebooting the machine, I get the same "system's computer account missing/password incorrect" message.

Based on what I've read, I really don't understand why all NT machines would fail at the same time. Has anybody got any ideas? I really don't want to have to go around 100+ NT machines installing XP on them.

Thanks in advance
0
Comment
Question by:cplhades
  • 6
  • 4
  • 2
  • +3
16 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 9908324
hi  cplhades,

just want to know if you have read the following MSKB article?

Partial RPC Entries May Cause Netlogon Error Messages
http://support.microsoft.com/?id=kb;en-us;259736

hope it helps,
bbao
0
 

Author Comment

by:cplhades
ID: 9908337
Hi,
Yes, I've checked that.. that registry setting is in place.
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9908985
Is the PDC emulator running?  The WINNT domain account being referenced probably points to an emulated NT4 domain.

cheers
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:cplhades
ID: 9910150
I only have one domain controller which appears to be running fine. Is there anything specific I should check?
0
 
LVL 37

Expert Comment

by:bbao
ID: 9910292
hmm, your problem is a challenge.

can your windows nt workstationsws logon to the domain using cached logon information?

i know you have tried NETDOM command with either QUERY and MEMBER options, but when you did it, did you have connect to other server/workstations with its administrator's rights?
0
 

Author Comment

by:cplhades
ID: 9910588
I'm fairly sure the NT machines are set not to cache logon information, so I can't try that. I tried netdom with administrator rights on both machines.

Upon closer inspection of the XP machines, they aren't totally happy either.

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Description:
The Security System detected an attempted downgrade attack for server cifs/server1.bellemoor.southampton.gov.uk.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Description:
The Security System could not establish a secured connection with the server cifs/server1.bellemoor.southampton.gov.uk.  No authentication protocol was available.
0
 

Author Comment

by:cplhades
ID: 9913345
Okay, I'm gonna have to give up. Format and reinstall time.
0
 
LVL 37

Expert Comment

by:bbao
ID: 9913388
o? i just found a lot of links about this problems...
0
 
LVL 37

Expert Comment

by:bbao
ID: 9913398
but, i have to say, all of them are raw materials, have not been analysized well...
0
 
LVL 37

Expert Comment

by:bbao
ID: 10015753
cplhades, please close this question: accept the helpful comments OR ask EE moderator to delete it and get refund. thanks.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10029466
PAQed, with points refunded (500)

Computer101
E-E Admin
0
 

Expert Comment

by:senthilsiva
ID: 10648224
Im too facing the exact problem, could not figure it.

Please show some light on this.

Senthil
0
 

Expert Comment

by:beamex
ID: 10664765
Hi' All

I'm pretty sure the problem is related to name resolution..

0
 

Expert Comment

by:senthilsiva
ID: 13499288
I resolved this issue after a week but pardon me for not sending the mail.

we removed all existing computer names from domain controller and changed the all NT system names to another one and joined it into the domain. It Works !!!.

Now its going smooth but in different name. Dont ask me what was the problem, cos im too in confusion in MS products.

Hope this would work for all who have this issue still.
0
 
LVL 37

Expert Comment

by:bbao
ID: 13502604
seems it is a labor intensive solution, hehe. anyway, you should be awarded because of your continuous effort. :)
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question