• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 815
  • Last Modified:

have to keep disjoining and rejoingin computers to domain

Hello, having a problem where computers need to be disjoined and rejoined to domain for them to login. 2003 domain.  keep getting message domain controller unavailable or somenting like that.  This just started happening today.  Thanks in advance.
0
gabrielaz
Asked:
gabrielaz
  • 6
  • 5
  • 2
  • +1
2 Solutions
 
Ron MalmsteadInformation Services ManagerCommented:
You must have multiple computers with the same name.

When you join the one machine, it resets the "machine password" in AD.  Now the other machine with identical name, will no longer have access to the domain in order to logon.

There are probably two computers that you keep having to re-join right ?...check the machine names.
If they are the same.   Disjoin them both from the domain.  Delete the machine account.  Logon to the machine  as "MACHINE\administrator"...change the name.....reboot, rejoin the domain.
0
 
Alan Huseyin KayahanCommented:
                 Please have a look at eventviewer
                 *Are there any error messages in eventlogs of your server?
                 *Any netlogon service failures reported in eventlogs?
                 *Since when you are facing this issue? How many clients act like this and how many clients exist in total?
                 
0
 
gabrielazAuthor Commented:
well here is the thing.  it has been more than 50 computers today.  and i cant find any dupicate names in AdUC ill check any oter ideas on what it might be. poslbly dns?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Alan Huseyin KayahanCommented:
                  *That means its server side. Please post some errors from eventlogs.
                   *Install windows server support tools and run dcdiag. And please post the output here.
0
 
gabrielazAuthor Commented:
what do i do with dc diag. do i runit from any domain controller or do i run it frmo my machine
how do i know which which dc they are trying to authtnticate to besides typein g in set.
0
 
Alan Huseyin KayahanCommented:
                       *Run it in the server which holds the global catalog. You can see it in ad sites and services, ntds general properties.
                        *You still didn't post any error log from eventlogs :)
0
 
gabrielazAuthor Commented:
The session setup from the computer computername-195 failed to authenticate. The following error occurred:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The session setup from computer computername-195' failed because the security database does not contain a trust account computername-195$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  
0
 
Alan Huseyin KayahanCommented:
Can't logon NT domain - "Windows cannot connect to the domain"
Symptoms: After you join a Windows XP client to a Windows NT  domain, the client may be unable to log on to the domain.
1. You may receive the following error message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
2. You may receive Event ID 5723:  "The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied."
3. Or Event ID: 3227, Event Source: NETLOGON: "The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0."

Resolutions: This behavior occurs because the Windows XP client tries to sign or seal the secure channel. Windows XP does this by default. However, Windows NT  is not configured to do this by default. To resolve this issue, open Local Security Policy from Administrative Tools. Under the Local Policies\Security Options node, double-click the Domain Member:Digitally encrypt or sign secure channel data (always) policy to open it and click Disabled.
0
 
Alan Huseyin KayahanCommented:
                *One more question. Do same clients keep showing up this? I mean once you rejoin the client to domain, do you need to rejoin it again?
0
 
groettingCommented:
Please have a look at http://www.eventid.net/display.asp?eventid=5723&eventno=106&source=NETLOGON&phase=1 its a thread discussing several possible causes for this problem.
0
 
Ron MalmsteadInformation Services ManagerCommented:
Were any of these machines, "ghosted" ?
0
 
gabrielazAuthor Commented:
i spoke with the techs out there and i guess rejoining them did the trick.  I wonder what could of caused this.
0
 
Alan Huseyin KayahanCommented:
              *My last question was for clearing that thing out. If clients, which once rejoined to domain, do not require rejoining again, that means SID of server has been changed somehow (renaming PDC, re-creating domain without transferring/migrating).  If clients, which once rejoined to domain, require rejoining again, that means PDC is corrupt somehow which would be determined by checking dcdiag outputs.
0
 
gabrielazAuthor Commented:
I asked the techs out there and they said these machines werent renamed, ghosted or done anything with. when  they came in the morning things where like this. i appreciate it everyones input.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 6
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now