mordinad
asked on
Refreshing Network Credentials
Hi All,
The situation is I have some servers which are up 24/7 and I want to know how I can refresh their network credentials without rebooting.
Sometimes we make changes to our router or switches and if a mistake is made in the DNS we don't not see any DC (domain controller) errors until a couple days later when the cached network credentials have expired.
The DC's are all W2K3 and so is my local server. Across the network I have a mix of W2K and XP client machines. All machines are on active directory connecting to a remote DC I have no control over.
I want to refresh network credentials manually to check everything is OK, so I can go home after a small upgrade and not be awaken at 4AM to be called in.
I've asked some other IT guys around here and they haven't run across this problem yet.
Regards,
Alex
The situation is I have some servers which are up 24/7 and I want to know how I can refresh their network credentials without rebooting.
Sometimes we make changes to our router or switches and if a mistake is made in the DNS we don't not see any DC (domain controller) errors until a couple days later when the cached network credentials have expired.
The DC's are all W2K3 and so is my local server. Across the network I have a mix of W2K and XP client machines. All machines are on active directory connecting to a remote DC I have no control over.
I want to refresh network credentials manually to check everything is OK, so I can go home after a small upgrade and not be awaken at 4AM to be called in.
I've asked some other IT guys around here and they haven't run across this problem yet.
Regards,
Alex
ASKER
That could be it, I will try that next time we know of a DC/DNS upgrade. Are there any second opinions out there?
The credentials I'm referring to are the same as the ones that enable you to login through a domain without being connected to the network. However once expired the domain becomes unavailable and you must connect back to the network properly to get reauthenticated. The TTL for the creds can be limited in the local security policies or higher level GPO.
As long as the credentials are still good, you will see no effect on network shares or common services, however once they expire, you'll immediately be rejected of all these things. Thus is the problem because we have ours to expire every 2 days. Upon notification of upgrades, I would like to force the credentials to renew immediately so I can dectect failure early.
Regards,
Alex
The credentials I'm referring to are the same as the ones that enable you to login through a domain without being connected to the network. However once expired the domain becomes unavailable and you must connect back to the network properly to get reauthenticated. The TTL for the creds can be limited in the local security policies or higher level GPO.
As long as the credentials are still good, you will see no effect on network shares or common services, however once they expire, you'll immediately be rejected of all these things. Thus is the problem because we have ours to expire every 2 days. Upon notification of upgrades, I would like to force the credentials to renew immediately so I can dectect failure early.
Regards,
Alex
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah that's what I've had to do, but there should be an easier way to "check" or "refresh/update" the cached credentials without modifying registry settings.
The items you talked about with repairing the network connection cannot be used, because I am breaking the network connection. The credentials can be refreshed without loss of connection. For these servers I must have constant connectivity thus, we can't reboot or flush the dns.
I'll accept your answers though if no one else out there has a better solution.
The items you talked about with repairing the network connection cannot be used, because I am breaking the network connection. The credentials can be refreshed without loss of connection. For these servers I must have constant connectivity thus, we can't reboot or flush the dns.
I'll accept your answers though if no one else out there has a better solution.
http://www.windowsitpro.com/Article/ArticleID/41060/41060.html
Cheers,
Gary