Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows NT/2000 Domain Computer Account problems. Secure channels?

Posted on 2003-12-09
16
Medium Priority
?
56,327 Views
Last Modified: 2013-12-19
Hi all,
I have a Windows 2000 server which was running fine until a UPS problem this morning caused it to cut out. When it finished booting back up 5-10 minutes later, ALL of my Windows NT workstations started giving the error "The system could not log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect" when anyone tries to log on. The WinXP stations are fine.

I have tried..

Restoring the C drive plus system state from backups (I tried both last night's and a two week old backup. Though before it died, the server hadn't been rebooted in 3 months so who knows what setting might have changed that didn't take effect until today's reboot).

Making a workstation leave the domain, reboot, rejoin the domain, reboot again. Same error.

netdom query /domain:[domain] /reset /workstation - Goes through each station reporting "The trust relationship between this workstation and the primary domain failed." That's the Win2000 version on the server

netdom member [workstation] /joindomain - This is the NT4 netdom. On the Win2k server it reports that the RPC server in unavailable on the workstation. When tried on the workstation, it appears to work but after rebooting the machine, I get the same "system's computer account missing/password incorrect" message.

Based on what I've read, I really don't understand why all NT machines would fail at the same time. Has anybody got any ideas? I really don't want to have to go around 100+ NT machines installing XP on them.

Thanks in advance
0
Comment
Question by:cplhades
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
  • +3
16 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 9908324
hi  cplhades,

just want to know if you have read the following MSKB article?

Partial RPC Entries May Cause Netlogon Error Messages
http://support.microsoft.com/?id=kb;en-us;259736

hope it helps,
bbao
0
 

Author Comment

by:cplhades
ID: 9908337
Hi,
Yes, I've checked that.. that registry setting is in place.
0
 
LVL 13

Expert Comment

by:Gnart
ID: 9908985
Is the PDC emulator running?  The WINNT domain account being referenced probably points to an emulated NT4 domain.

cheers
0
Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:cplhades
ID: 9910150
I only have one domain controller which appears to be running fine. Is there anything specific I should check?
0
 
LVL 37

Expert Comment

by:bbao
ID: 9910292
hmm, your problem is a challenge.

can your windows nt workstationsws logon to the domain using cached logon information?

i know you have tried NETDOM command with either QUERY and MEMBER options, but when you did it, did you have connect to other server/workstations with its administrator's rights?
0
 

Author Comment

by:cplhades
ID: 9910588
I'm fairly sure the NT machines are set not to cache logon information, so I can't try that. I tried netdom with administrator rights on both machines.

Upon closer inspection of the XP machines, they aren't totally happy either.

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Description:
The Security System detected an attempted downgrade attack for server cifs/server1.bellemoor.southampton.gov.uk.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Description:
The Security System could not establish a secured connection with the server cifs/server1.bellemoor.southampton.gov.uk.  No authentication protocol was available.
0
 

Author Comment

by:cplhades
ID: 9913345
Okay, I'm gonna have to give up. Format and reinstall time.
0
 
LVL 37

Expert Comment

by:bbao
ID: 9913388
o? i just found a lot of links about this problems...
0
 
LVL 37

Expert Comment

by:bbao
ID: 9913398
but, i have to say, all of them are raw materials, have not been analysized well...
0
 
LVL 37

Expert Comment

by:bbao
ID: 10015753
cplhades, please close this question: accept the helpful comments OR ask EE moderator to delete it and get refund. thanks.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 10029466
PAQed, with points refunded (500)

Computer101
E-E Admin
0
 

Expert Comment

by:senthilsiva
ID: 10648224
Im too facing the exact problem, could not figure it.

Please show some light on this.

Senthil
0
 

Expert Comment

by:beamex
ID: 10664765
Hi' All

I'm pretty sure the problem is related to name resolution..

0
 

Expert Comment

by:senthilsiva
ID: 13499288
I resolved this issue after a week but pardon me for not sending the mail.

we removed all existing computer names from domain controller and changed the all NT system names to another one and joined it into the domain. It Works !!!.

Now its going smooth but in different name. Dont ask me what was the problem, cos im too in confusion in MS products.

Hope this would work for all who have this issue still.
0
 
LVL 37

Expert Comment

by:bbao
ID: 13502604
seems it is a labor intensive solution, hehe. anyway, you should be awarded because of your continuous effort. :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question