Solved

Have to keep disjoining and rejoining computers to domain

Posted on 2007-04-02
Last Modified: 2008-01-09
Hello, having a problem where computers need to be disjoined and rejoined to the domain for them to log in. 2003 domain. Keep getting the message "domain controller unavailable" or something like that. This just started happening today. Thanks in advance.
Question by:gabrielaz
14 Comments
 
LVL 25

Accepted Solution

by:
Ron M earned 250 total points
ID: 18838498
You must have multiple computers with the same name.

When you join the one machine, it resets the "machine password" in AD. Now the other machine with the identical name will no longer have access to the domain in order to log on.

There are probably two computers that you keep having to re-join, right? Check the machine names.
If they are the same, disjoin them both from the domain. Delete the machine account. Log on to the machine as "MACHINE\administrator", change the name, reboot, rejoin the domain.
0
 
LVL 29

Assisted Solution

by:Alan Huseyin Kayahan
Alan Huseyin Kayahan earned 250 total points
ID: 18838578
Please have a look at Event Viewer:
* Are there any error messages in the event logs of your server?
* Any netlogon service failures reported in the event logs?
* Since when have you been facing this issue? How many clients act like this and how many clients exist in total?
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18838582
Well, here is the thing. It has been more than 50 computers today, and I can't find any duplicate names in ADUC. I'll check. Any other ideas on what it might be? Possibly DNS?
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18838866
* That means it's server side. Please post some errors from the event logs.
* Install Windows Server Support Tools and run dcdiag, and please post the output here.
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18838975
What do I do with dcdiag? Do I run it from any domain controller or do I run it from my machine?
How do I know which DC they are trying to authenticate to, besides typing in set?
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839076
* Run it on the server which holds the global catalog. You can see it in AD Sites and Services, NTDS general properties.
* You still didn't post any error log from the event logs :)
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18839124
The session setup from the computer computername-195 failed to authenticate. The following error occurred:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The session setup from computer computername-195' failed because the security database does not contain a trust account computername-195$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  
0
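An added example, not part of the original thread: a small Python triage over exported NETLOGON event text in the two message shapes quoted above, grouping failures by computer so that a handful of affected machines (the duplicate-name case) can be told apart from many machines at once (the server-side case). The `many_hosts` cut-off and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message shapes taken from the NETLOGON events quoted in the thread.
AUTH_FAILED = re.compile(
    r"session setup from the computer\s+'?([\w.-]+)'?\s+failed to authenticate", re.I)
NO_TRUST_ACCOUNT = re.compile(
    r"session setup from computer\s+'?([\w.-]+)'?\s+failed because the security "
    r"database does not contain a trust account", re.I)

def triage(messages, many_hosts=10):
    """Group failures by computer name and suggest where to look first.

    many_hosts is an assumed cut-off, not a value from the thread.
    """
    auth_failed, no_account = Counter(), Counter()
    for msg in messages:
        text = " ".join(msg.split())  # event text is often wrapped across lines
        for pattern, bucket in ((AUTH_FAILED, auth_failed), (NO_TRUST_ACCOUNT, no_account)):
            m = pattern.search(text)
            if m:
                bucket[m.group(1).upper()] += 1
    hosts = set(auth_failed) | set(no_account)
    if not hosts:
        scope = "none"
    elif len(hosts) >= many_hosts:
        scope = "server-side"   # many machines at once: check the DCs (dcdiag)
    else:
        scope = "client-side"   # a few machines: duplicate names, cloned images
    return {"scope": scope, "hosts": sorted(hosts),
            "auth_failed": dict(auth_failed), "no_trust_account": dict(no_account)}

# Constructed sample input modelled on the messages posted above.
SAMPLE = [
    "The session setup from the computer PC-A failed to authenticate. "
    "The following error occurred:\nAccess is denied.",
    "The session setup from computer 'pc-a' failed because the security database "
    "does not contain a trust account 'pc-a$' referenced by the specified computer.",
    "The session setup from the computer PC-B failed to authenticate. "
    "The following error occurred:\nAccess is denied.",
    "The browser service has started.",  # unrelated line, ignored
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```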
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839192
Can't logon NT domain - "Windows cannot connect to the domain"
Symptoms: After you join a Windows XP client to a Windows NT domain, the client may be unable to log on to the domain.
1. You may receive the following error message: Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
2. You may receive Event ID 5723:  "The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied."
3. Or Event ID: 3227, Event Source: NETLOGON: "The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0."

Resolutions: This behavior occurs because the Windows XP client tries to sign or seal the secure channel. Windows XP does this by default. However, Windows NT is not configured to do this by default. To resolve this issue, open Local Security Policy from Administrative Tools. Under the Local Policies\Security Options node, double-click the "Domain Member: Digitally encrypt or sign secure channel data (always)" policy to open it and click Disabled.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18839215
* One more question. Do the same clients keep showing this? I mean, once you rejoin the client to the domain, do you need to rejoin it again?
0
 
LVL 4

Expert Comment

by:groetting
ID: 18848723
Please have a look at http://www.eventid.net/display.asp?eventid=5723&eventno=106&source=NETLOGON&phase=1. It's a thread discussing several possible causes for this problem.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 18850124
Were any of these machines "ghosted"?
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18851017
I spoke with the techs out there and I guess rejoining them did the trick. I wonder what could have caused this.
0
 
LVL 29

Expert Comment

by:Alan Huseyin Kayahan
ID: 18856728
* My last question was for clearing that up. If clients which were once rejoined to the domain do not require rejoining again, that means the SID of the server has been changed somehow (renaming the PDC, re-creating the domain without transferring/migrating). If clients which were once rejoined to the domain require rejoining again, that means the PDC is corrupt somehow, which would be determined by checking the dcdiag output.
0
 
LVL 2

Author Comment

by:gabrielaz
ID: 18858444
I asked the techs out there and they said these machines weren't renamed, ghosted or had anything done to them. When they came in in the morning things were like this. I appreciate everyone's input.
0
