Solved

have to keep disjoining and rejoingin computers to domain

Posted on 2007-04-02
14
809 Views
Last Modified: 2008-01-09
Hello, having a problem where computers need to be disjoined and rejoined to domain for them to login. 2003 domain.  keep getting message domain controller unavailable or somenting like that.  This just started happening today.  Thanks in advance.
0
Comment
Question by:gabrielaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 250 total points
ID: 18838498
You must have multiple computers with the same name.

When you join the one machine, it resets the "machine password" in AD.  Now the other machine with identical name, will no longer have access to the domain in order to logon.

There are probably two computers that you keep having to re-join right ?...check the machine names.
If they are the same.   Disjoin them both from the domain.  Delete the machine account.  Logon to the machine  as "MACHINE\administrator"...change the name.....reboot, rejoin the domain.
0
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 250 total points
ID: 18838578
                 Please have a look at eventviewer
                 *Are there any error messages in eventlogs of your server?
                 *Any netlogon service failures reported in eventlogs?
                 *Since when you are facing this issue? How many clients act like this and how many clients exist in total?
                 
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18838582
well here is the thing.  it has been more than 50 computers today.  and i cant find any dupicate names in AdUC ill check any oter ideas on what it might be. poslbly dns?
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18838866
                  *That means its server side. Please post some errors from eventlogs.
                   *Install windows server support tools and run dcdiag. And please post the output here.
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18838975
what do i do with dc diag. do i runit from any domain controller or do i run it frmo my machine
how do i know which which dc they are trying to authtnticate to besides typein g in set.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839076
                       *Run it in the server which holds the global catalog. You can see it in ad sites and services, ntds general properties.
                        *You still didn't post any error log from eventlogs :)
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18839124
The session setup from the computer computername-195 failed to authenticate. The following error occurred:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The session setup from computer computername-195' failed because the security database does not contain a trust account computername-195$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839192
Can't logon NT domain - "Windows cannot connect to the domain"
Symptoms: After you join a Windows XP client to a Windows NT  domain, the client may be unable to log on to the domain.
1. You may receive the following error message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
2. You may receive Event ID 5723:  "The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied."
3. Or Event ID: 3227, Event Source: NETLOGON: "The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0."

Resolutions: This behavior occurs because the Windows XP client tries to sign or seal the secure channel. Windows XP does this by default. However, Windows NT  is not configured to do this by default. To resolve this issue, open Local Security Policy from Administrative Tools. Under the Local Policies\Security Options node, double-click the Domain Member:Digitally encrypt or sign secure channel data (always) policy to open it and click Disabled.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839215
                *One more question. Do same clients keep showing up this? I mean once you rejoin the client to domain, do you need to rejoin it again?
0
 
LVL 4

Expert Comment

by:groetting
ID: 18848723
Please have a look at http://www.eventid.net/display.asp?eventid=5723&eventno=106&source=NETLOGON&phase=1 its a thread discussing several possible causes for this problem.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 18850124
Were any of these machines, "ghosted" ?
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18851017
i spoke with the techs out there and i guess rejoining them did the trick.  I wonder what could of caused this.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18856728
              *My last question was for clearing that thing out. If clients, which once rejoined to domain, do not require rejoining again, that means SID of server has been changed somehow (renaming PDC, re-creating domain without transferring/migrating).  If clients, which once rejoined to domain, require rejoining again, that means PDC is corrupt somehow which would be determined by checking dcdiag outputs.
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18858444
I asked the techs out there and they said these machines werent renamed, ghosted or done anything with. when  they came in the morning things where like this. i appreciate it everyones input.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question