Solved

have to keep disjoining and rejoingin computers to domain

Posted on 2007-04-02
14
805 Views
Last Modified: 2008-01-09
Hello, having a problem where computers need to be disjoined and rejoined to domain for them to login. 2003 domain.  keep getting message domain controller unavailable or somenting like that.  This just started happening today.  Thanks in advance.
0
Comment
Question by:gabrielaz
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 250 total points
ID: 18838498
You must have multiple computers with the same name.

When you join the one machine, it resets the "machine password" in AD.  Now the other machine with identical name, will no longer have access to the domain in order to logon.

There are probably two computers that you keep having to re-join right ?...check the machine names.
If they are the same.   Disjoin them both from the domain.  Delete the machine account.  Logon to the machine  as "MACHINE\administrator"...change the name.....reboot, rejoin the domain.
0
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 250 total points
ID: 18838578
                 Please have a look at eventviewer
                 *Are there any error messages in eventlogs of your server?
                 *Any netlogon service failures reported in eventlogs?
                 *Since when you are facing this issue? How many clients act like this and how many clients exist in total?
                 
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18838582
well here is the thing.  it has been more than 50 computers today.  and i cant find any dupicate names in AdUC ill check any oter ideas on what it might be. poslbly dns?
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18838866
                  *That means its server side. Please post some errors from eventlogs.
                   *Install windows server support tools and run dcdiag. And please post the output here.
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18838975
what do i do with dc diag. do i runit from any domain controller or do i run it frmo my machine
how do i know which which dc they are trying to authtnticate to besides typein g in set.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839076
                       *Run it in the server which holds the global catalog. You can see it in ad sites and services, ntds general properties.
                        *You still didn't post any error log from eventlogs :)
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18839124
The session setup from the computer computername-195 failed to authenticate. The following error occurred:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The session setup from computer computername-195' failed because the security database does not contain a trust account computername-195$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839192
Can't logon NT domain - "Windows cannot connect to the domain"
Symptoms: After you join a Windows XP client to a Windows NT  domain, the client may be unable to log on to the domain.
1. You may receive the following error message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
2. You may receive Event ID 5723:  "The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied."
3. Or Event ID: 3227, Event Source: NETLOGON: "The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0."

Resolutions: This behavior occurs because the Windows XP client tries to sign or seal the secure channel. Windows XP does this by default. However, Windows NT  is not configured to do this by default. To resolve this issue, open Local Security Policy from Administrative Tools. Under the Local Policies\Security Options node, double-click the Domain Member:Digitally encrypt or sign secure channel data (always) policy to open it and click Disabled.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839215
                *One more question. Do same clients keep showing up this? I mean once you rejoin the client to domain, do you need to rejoin it again?
0
 
LVL 4

Expert Comment

by:groetting
ID: 18848723
Please have a look at http://www.eventid.net/display.asp?eventid=5723&eventno=106&source=NETLOGON&phase=1 its a thread discussing several possible causes for this problem.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 18850124
Were any of these machines, "ghosted" ?
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18851017
i spoke with the techs out there and i guess rejoining them did the trick.  I wonder what could of caused this.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18856728
              *My last question was for clearing that thing out. If clients, which once rejoined to domain, do not require rejoining again, that means SID of server has been changed somehow (renaming PDC, re-creating domain without transferring/migrating).  If clients, which once rejoined to domain, require rejoining again, that means PDC is corrupt somehow which would be determined by checking dcdiag outputs.
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18858444
I asked the techs out there and they said these machines werent renamed, ghosted or done anything with. when  they came in the morning things where like this. i appreciate it everyones input.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many times while working on a computer regardless of any Operating System, lag and crashes seem to creep in, hindering your working speed. Sometimes, it can also cause your work to be lost unexpectedly and as a result, you are unable to meet your de…
Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question