Computers dropping off from the Domain

Morning all. I have 28 Windows XP systems with SP2 on a Windows 2000 Advanced Server Domain. With a PDC, BDC and File server. Due to certain security requirements we are required to unplug our laptops and place them in a safe. But every day my IT staff has to go out and unjoin each computer from the domain and rejoin them for the users to be able to access e-mail, the share drive and use the Internet.

I think it might be a DNS problem but I am not sure. The IT department is able to leave their computers hooked up all the time and we have not experienced any of these problems. Does it have anything to do with them disconnecting every night?

Any help would be greatly appreciated.

John

We have one switch and that is working just fine.
John Sheehy, Security Analyst, asked:
 
emtshea commented:
Shouldn't matter how the laptops are being shut off, or if they go into hibernate.  

KCTS: Would I be wrong in suggesting that it sounds like the 2 DCs aren't syncing up? I would check, from the laptops, which DC they're authenticating against by using:

echo %logonserver% from the command prompt, then check that DC to see if that computer's account exists.

It's something that I have done before and worked for me, so it's just a thought to try to help narrow things down a bit.
 
bad3000 commented:
When you connect one of these computers and you log on with your credentials, do you get any message?
Is your IT staff logging on to the laptops with their Domain Credentials or with the Local Administrator password?
Do you have this issue with any user that logs on to those machines?
Please tell us how you assign the IP addressing; do you have DHCP?

To check that DNS settings are correct you must:
1st. Point the Primary DNS to the DC that hosts Active Directory if it's installed there, or you can point to the DNS that hosts DNS Service
2nd. In the Forward Lookup Zone of your domain.com you need to check that Updates are enabled

Thanks

BADBOY!
 
Brian Pierce, Photographer, commented:
If you have Windows 2000 Server you don't have a PDC and a BDC - you have two domain controllers, both of which hold a copy of a read/write multi-master database and one of the machines happens to hold the PDC emulator role. Sorry about that, nothing personal, but it really gets to you when you see this 20 times a day !!

Now to your question - no, it should not matter that the machines are disconnected. They certainly should not lose their security association with the domain, so removing and rejoining to the domain seems a little drastic. Are they switched off or put into standby or hibernated?

Does an ipconfig /release followed by ipconfig /renew cure the issue?


 
John Sheehy, Security Analyst (author), commented:
Sorry about the PDC/BDC thing.  That is how I have to explain it to the non IT folks here.

We have a DHCP server and the machines are acquiring leases from it. IPCONFIG /release and /renew works for just that, releasing and renewing the IP but does nothing for the workstations joining the domain. I did however, run IPCONFIG /REGISTERDNS and I get the error access is denied. What is that all about?

Our ITs are using their own domain accounts to join the computers to the domain.  And the users are shutting down computers vice placing them in standby or hibernate.

Thanks
John
 
Brian Pierce, Photographer, commented:
The registerDNS failing does suggest a broken security association. This may work - Go to the default domain policy->Local Policies->Security Options
find Domain Controller: refuse machine account password changes and set it to ENABLED.

run gpupdate /force

Restart the laptops and log on and off again at least twice and see if this does the trick - it stops machines changing their credentials - I think they may be changing credentials and then losing them somehow.

If this does the trick and you want the other machines to be unaffected then remove this setting, put the laptops in an OU of their own and then apply a GPO directly to the laptop OU.

If it does not work, remove the setting and we'll have to think again.
 
Brian Pierce, Photographer, commented:
emtshea
Read your post after making mine - yes, the two DCs may be out of sync.
This can be checked; see http://technet2.microsoft.com/windowsserver/en/library/bb462fa2-a889-47f2-869c-2aeb06cfc5bf1033.mspx?mfr=true
Question has a verified solution.
