have to keep disjoining and rejoingin computers to domain

Hello, having a problem where computers need to be disjoined and rejoined to domain for them to login. 2003 domain.  keep getting message domain controller unavailable or somenting like that.  This just started happening today.  Thanks in advance.
LVL 2
gabrielazAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ron MalmsteadInformation Services ManagerCommented:
You must have multiple computers with the same name.

When you join the one machine, it resets the "machine password" in AD.  Now the other machine with identical name, will no longer have access to the domain in order to logon.

There are probably two computers that you keep having to re-join right ?...check the machine names.
If they are the same.   Disjoin them both from the domain.  Delete the machine account.  Logon to the machine  as "MACHINE\administrator"...change the name.....reboot, rejoin the domain.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alan Huseyin KayahanCommented:
                 Please have a look at eventviewer
                 *Are there any error messages in eventlogs of your server?
                 *Any netlogon service failures reported in eventlogs?
                 *Since when you are facing this issue? How many clients act like this and how many clients exist in total?
                 
0
gabrielazAuthor Commented:
well here is the thing.  it has been more than 50 computers today.  and i cant find any dupicate names in AdUC ill check any oter ideas on what it might be. poslbly dns?
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Alan Huseyin KayahanCommented:
                  *That means its server side. Please post some errors from eventlogs.
                   *Install windows server support tools and run dcdiag. And please post the output here.
0
gabrielazAuthor Commented:
what do i do with dc diag. do i runit from any domain controller or do i run it frmo my machine
how do i know which which dc they are trying to authtnticate to besides typein g in set.
0
Alan Huseyin KayahanCommented:
                       *Run it in the server which holds the global catalog. You can see it in ad sites and services, ntds general properties.
                        *You still didn't post any error log from eventlogs :)
0
gabrielazAuthor Commented:
The session setup from the computer computername-195 failed to authenticate. The following error occurred:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The session setup from computer computername-195' failed because the security database does not contain a trust account computername-195$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  
0
Alan Huseyin KayahanCommented:
Can't logon NT domain - "Windows cannot connect to the domain"
Symptoms: After you join a Windows XP client to a Windows NT  domain, the client may be unable to log on to the domain.
1. You may receive the following error message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
2. You may receive Event ID 5723:  "The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied."
3. Or Event ID: 3227, Event Source: NETLOGON: "The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0."

Resolutions: This behavior occurs because the Windows XP client tries to sign or seal the secure channel. Windows XP does this by default. However, Windows NT  is not configured to do this by default. To resolve this issue, open Local Security Policy from Administrative Tools. Under the Local Policies\Security Options node, double-click the Domain Member:Digitally encrypt or sign secure channel data (always) policy to open it and click Disabled.
0
Alan Huseyin KayahanCommented:
                *One more question. Do same clients keep showing up this? I mean once you rejoin the client to domain, do you need to rejoin it again?
0
groettingCommented:
Please have a look at http://www.eventid.net/display.asp?eventid=5723&eventno=106&source=NETLOGON&phase=1 its a thread discussing several possible causes for this problem.
0
Ron MalmsteadInformation Services ManagerCommented:
Were any of these machines, "ghosted" ?
0
gabrielazAuthor Commented:
i spoke with the techs out there and i guess rejoining them did the trick.  I wonder what could of caused this.
0
Alan Huseyin KayahanCommented:
              *My last question was for clearing that thing out. If clients, which once rejoined to domain, do not require rejoining again, that means SID of server has been changed somehow (renaming PDC, re-creating domain without transferring/migrating).  If clients, which once rejoined to domain, require rejoining again, that means PDC is corrupt somehow which would be determined by checking dcdiag outputs.
0
gabrielazAuthor Commented:
I asked the techs out there and they said these machines werent renamed, ghosted or done anything with. when  they came in the morning things where like this. i appreciate it everyones input.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.