Solved

Windows NT/2000 Domain Computer Account problems. Secure channels?

Posted on 2003-12-09
16
56,312 Views
Last Modified: 2013-12-19
Hi all,
I have a Windows 2000 server which was running fine until a UPS problem this morning caused it to cut out. When it finished booting back up 5-10 minutes later, ALL of my Windows NT workstations started giving the error "The system could not log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect" when anyone tries to log on. The WinXP stations are fine.

I have tried..

Restoring the C drive plus system state from backups (I tried both last night's and a two week old backup. Though before it died, the server hadn't been rebooted in 3 months so who knows what setting might have changed that didn't take effect until today's reboot).

Making a workstation leave the domain, reboot, rejoin the domain, reboot again. Same error.

netdom query /domain:[domain] /reset /workstation - Goes through each station reporting "The trust relationship between this workstation and the primary domain failed." That's the Win2000 version on the server

netdom member [workstation] /joindomain - This is the NT4 netdom. On the Win2k server it reports that the RPC server in unavailable on the workstation. When tried on the workstation, it appears to work but after rebooting the machine, I get the same "system's computer account missing/password incorrect" message.

Based on what I've read, I really don't understand why all NT machines would fail at the same time. Has anybody got any ideas? I really don't want to have to go around 100+ NT machines installing XP on them.

Thanks in advance
0
Comment
Question by:cplhades
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +3
16 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 9908324
hi  cplhades,

just want to know if you have read the following MSKB article?

Partial RPC Entries May Cause Netlogon Error Messages
http://support.microsoft.com/?id=kb;en-us;259736

hope it helps,
bbao
0
 

Author Comment

by:cplhades
ID: 9908337
Hi,
Yes, I've checked that.. that registry setting is in place.
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9908985
Is the PDC emulator running?  The WINNT domain account being referenced probably points to an emulated NT4 domain.

cheers
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 

Author Comment

by:cplhades
ID: 9910150
I only have one domain controller which appears to be running fine. Is there anything specific I should check?
0
 
LVL 37

Expert Comment

by:bbao
ID: 9910292
hmm, your problem is a challenge.

can your windows nt workstationsws logon to the domain using cached logon information?

i know you have tried NETDOM command with either QUERY and MEMBER options, but when you did it, did you have connect to other server/workstations with its administrator's rights?
0
 

Author Comment

by:cplhades
ID: 9910588
I'm fairly sure the NT machines are set not to cache logon information, so I can't try that. I tried netdom with administrator rights on both machines.

Upon closer inspection of the XP machines, they aren't totally happy either.

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Description:
The Security System detected an attempted downgrade attack for server cifs/server1.bellemoor.southampton.gov.uk.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Description:
The Security System could not establish a secured connection with the server cifs/server1.bellemoor.southampton.gov.uk.  No authentication protocol was available.
0
 

Author Comment

by:cplhades
ID: 9913345
Okay, I'm gonna have to give up. Format and reinstall time.
0
 
LVL 37

Expert Comment

by:bbao
ID: 9913388
o? i just found a lot of links about this problems...
0
 
LVL 37

Expert Comment

by:bbao
ID: 9913398
but, i have to say, all of them are raw materials, have not been analysized well...
0
 
LVL 37

Expert Comment

by:bbao
ID: 10015753
cplhades, please close this question: accept the helpful comments OR ask EE moderator to delete it and get refund. thanks.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10029466
PAQed, with points refunded (500)

Computer101
E-E Admin
0
 

Expert Comment

by:senthilsiva
ID: 10648224
Im too facing the exact problem, could not figure it.

Please show some light on this.

Senthil
0
 

Expert Comment

by:beamex
ID: 10664765
Hi' All

I'm pretty sure the problem is related to name resolution..

0
 

Expert Comment

by:senthilsiva
ID: 13499288
I resolved this issue after a week but pardon me for not sending the mail.

we removed all existing computer names from domain controller and changed the all NT system names to another one and joined it into the domain. It Works !!!.

Now its going smooth but in different name. Dont ask me what was the problem, cos im too in confusion in MS products.

Hope this would work for all who have this issue still.
0
 
LVL 37

Expert Comment

by:bbao
ID: 13502604
seems it is a labor intensive solution, hehe. anyway, you should be awarded because of your continuous effort. :)
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
An article on effective troubleshooting
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question