Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Valid user account can not authenticate on PC

Posted on 2007-08-03
12
Medium Priority
?
266 Views
Last Modified: 2013-11-05
We have Active Directory and one of our user at our Italy office can no longer login on his PC with his valid AD user account.  I can log in as him from my office in Michigan.  We have Windows 2003 server as our DCs.  We know his account is good.  What can I do to resolve this issue for him?  Thanks.
0
Comment
Question by:PSCheng51
  • 6
  • 3
  • 3
12 Comments
 
LVL 17

Accepted Solution

by:
jburgaard earned 300 total points
ID: 19625305
If you are sure the pw is so simple that no misunderstanding is possible &
the DC's are in sync (DCDIAG)
- then my guess is corrupt machine account.
If so let him log in as local admin
Take PC from domain to workgroup
from workgroup add to domain.


0
 

Author Comment

by:PSCheng51
ID: 19625335
He was able to get in via OWA to read email.  His pw is correct.

Can he use his own account to add his PC back into the domain?  We can not let him have the Administrator password.
0
 
LVL 31

Assisted Solution

by:Toni Uranjek
Toni Uranjek earned 200 total points
ID: 19625425
Hi!

First you have to reset his computer account in Active directory users and computers, then he can rejoin domain. Every user can add up to 10 computers to domain without having domain admin permissions. But he has to be local administrator.

HTH

Toni
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:PSCheng51
ID: 19625441
I will contact him and go over the procedure with him.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 19625617
Just to be sure: No one else can log into this PC?

Before going to the domain<->workgroup stunt, be sure the basic network IS running (eg ping dc by name)
0
 

Author Comment

by:PSCheng51
ID: 19625650
He can login locally on his local account.  He has access to his email via OWA.  So the network is running.

I may ask him to add the DC IP to his hosts file.  Do you think that may help?
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 19625775
No need to mess arounf with hosts file if "nslookup dc.domain.com" returns correct IP. Substitute dc.domain.com with FQDN of your DC.
0
 

Author Comment

by:PSCheng51
ID: 19625808
What happens if it does not work?
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 19625914
If what does not work? Nslookup? The change clients DNS settings first, point to DNS which holds your SRV resource records. You won't be able to rejoin domain if DNS is not working and this might be the reason that you can not login. Although I believe cached credentials should allow users to logon on in case of networking problems.
0
 
LVL 17

Expert Comment

by:jburgaard
ID: 19625955
Rejoining domain?
The local accouts will continue to work
0
 

Author Comment

by:PSCheng51
ID: 19638278
Thanks for the info.  Our Italian coworked went on vacation for 2 weeks,  I will get with hin after his return.  Thanks again.
0
 

Author Comment

by:PSCheng51
ID: 19755403
When he got back from vacation, his notebook worked as before the problem.  Go figure.  Thanks for your help.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question