• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1534
  • Last Modified:

Computers dropping off from the Domain

Morning all.  I have 28 Windows XP systems with SP2 on a Windows 2000 Advanced Server Domain.  With a PDC, BDC and File server.  Due to certain security requirerments we are required to unplug our laptops and place them in a safe.  But every day my IT staff has to go out and unjoin each computer from the domain and rejoin them for the users to be able to access e-mail, the share drive and use the Internet.  

I think it might be a DNS problem but I am not sure. The IT department is able to leave their computers hooked up all the time and we have not expereinced any of these problems.  Does it have anything to do with them disconnecting every night?

Any help would be gratly appreciated.

John

We have one switch and that is working just fine.
0
John Sheehy
Asked:
John Sheehy
2 Solutions
 
bad3000Commented:
When you connect one of this computers and you log with your credentials, Do you get any message?  
Is your IT Staff loggin on the laptops with their Domain Credentials or with Local Adminsitrator password?
Do you have this issue with any user that log on on that machines?
Please tell us how do you assign the IP Addressing, do you have DHCP?

To check that DNS settings are correct you must:
1st. Point the Primary DNS to the DC that hosts Active Directory if it's installed there, or you can point to the DNS that hosts DNS Service
2nd. In the Forward Lookup Zone of your domain.com you need to check that Updates are enabled

Thanks

BADBOY!
0
 
KCTSCommented:
If you have windows 2000 server you dont have a PDC and a BDC - you have two domain controllers, both of which hold a copy of a read/write multi-master database and one of the machines happens to hold the PDC emulator role. Sorry about that, nothing personal, but it really gets to you when you see this 20 times a day !!

Now to your question - no it should not matter that the machines are disconnected. They certainly should not loose their security association with the domain so removing and rejoing to the domain seels a little drastic. Are they switched off or put into standby or hibernated?

Does an ipconfig /release followed by ipconfig /renew cure the issue?


0
 
John SheehyCommunications EgineerAuthor Commented:
Sorry about the PDC/BDC thing.  That is how I have to explain it to the non IT folks here.

We have a DHCP server and the machines are acquiring leases from it. IPCONFIG /release and /renew works for just that, releasing and renewing the IP but does nothing for the workstations joining the domain.  I did however, run IPCONFIG /REGISTERDNS and I get the error access is denied.  What si that all about?

Our ITs are using their own domain accounts to join the computers to the domain.  And the users are shutting down computers vice placing them in standby or hibernate.

Thanks
John
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
emtsheaCommented:
Shouldn't matter how the laptops are being shut off, or if they go into hibernate.  

KCTS:  Would I be wrong in suggesting that it sounds like the 2 DCs aren't syncing up?  I would check, from the laptops, what DC their authenticating against by using:

echo %logonserver% from the command prompt, then check that DC to see if that computer's account exists.

It's something that I have done before and worked for me, so it's just a thought to try to help narrow things down a bit.
0
 
KCTSCommented:
The registerDNS failing does suggest a broken security association. This may work - Go to the default domain policy->Local Policies->Security Options
find Domain Controller: refuse machine account password changes and set it to ENABLED.

run gpupdate /force

restart the laptops and log on and off again at least twice and see if this does the trick - it stops machines changing their credentials - i think they may be changing credentilas and them losing them somehow.

If this does the trick and you want the other machines to be unaffected then remove this setting, put the laptops in an OU of their own and then apply a GPO directly to the laptop OU.

If if does not work remove the setting and we'll have to think again
0
 
KCTSCommented:
emtshea
Read your post after making mine - yes the two DCs may be out of sync
this can be checked see http://technet2.microsoft.com/windowsserver/en/library/bb462fa2-a889-47f2-869c-2aeb06cfc5bf1033.mspx?mfr=true
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now