NETLOGON Event ID 3210

I have to answer a question relating to this event ID...

NETLOGON Event ID 3210:
Failed to authenticate with \\w2k3-dc01, a Windows NT domain controller for domain

List 2 ways to fix the above issue, one using a graphical tool, the other a command line utility:

Help would be appreciated please
Who is Participating?
Nirmal SharmaSolution ArchitectCommented:
Fatal_ExceptionSystems EngineerCommented:
Another one?  :)  this is fun!  Been a few months since I reviewed this material!

The secure channel's password is stored along with the computer account on all domain controllers. For Windows 2000 or Windows XP, the default computer account password change period is every 30 days. If, for some reason, the computer account's password and the LSA secret are not synchronized, the Netlogon service logs one or both of the following errors messages:

The session setup from the computer DOMAINMEMBER failed to authenticate.
The name of the account referenced in the security database is DOMAINMEMBER$.
The following error occurred: Access is denied.
NETLOGON Event ID 3210 Failed to authenticate with \\DOMAINDC, a Windows NT domain controller for domain DOMAIN.

The Netlogon service on the domain controller logs the following error message when the password is not

Action # 1:   In the Active Directory Users and Computers MMC (DSA), you can right-click the computer object in the Computers or appropriate container and then click Reset Account. This resets the machine account. Resetting the password for domain controllers using this method is not allowed. Resetting a computer account breaks that computer's connection to the domain and requires it to rejoin the domain

Action # 2:  Using the Netdom.exe command-line tool

Again, good luck with your studies!

Fatal_ExceptionSystems EngineerCommented:
Just in case anyone else is interested, you can do this with a script too..  :)  You might find scripting questions on the test, but just a few.

========Start Copy=========

Dim objComputer

Set objComputer = GetObject("LDAP://CN=computername,DC=WINDOWS2000,DC=COM")
objComputer.SetPassword "computername$"


========End Copy=========
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Fatal_ExceptionSystems EngineerCommented:
And, since I just reviewed the link that SystemProg put up there, and since it is certainly correct, give him the points on this one!  :)
one good method of solving these problems (of exam 70-290) bgcm12 is asking is to (install eDonkey2000 and) find study material for the exam 70-290.

MS Press has a book "Managing and Maintaining a Microsoft Windows Server 2003 Environment" which can easilly found on the internet in pdf format. Also old exam questions and answers (from TestKing or ActualTests) are helpful.

good luck with the exam!

bgcm12Author Commented:
Thanks all.  

I had the answer - i just wanted to verify it with someone!!  Remember...cheats never prosper! :o)

Some points for all as it's only fair...
Fatal_ExceptionSystems EngineerCommented:
So, did I get the answer right?   :)

Nirmal SharmaSolution ArchitectCommented:
Thanks all,
had this in a real world scenario.  restoring a virtual machine from a 2 month old backup and it wouldn't authenticate with the domain.  found this thread and it solved my problem perfectly.

thanks much
Fatal_ExceptionSystems EngineerCommented:
Glad it helped, Dragon!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.