John Sheehy
asked on
Computers dropping off from the Domain
Morning all. I have 28 Windows XP systems with SP2 on a Windows 2000 Advanced Server Domain. With a PDC, BDC and File server. Due to certain security requirerments we are required to unplug our laptops and place them in a safe. But every day my IT staff has to go out and unjoin each computer from the domain and rejoin them for the users to be able to access e-mail, the share drive and use the Internet.
I think it might be a DNS problem but I am not sure. The IT department is able to leave their computers hooked up all the time and we have not expereinced any of these problems. Does it have anything to do with them disconnecting every night?
Any help would be gratly appreciated.
John
We have one switch and that is working just fine.
I think it might be a DNS problem but I am not sure. The IT department is able to leave their computers hooked up all the time and we have not expereinced any of these problems. Does it have anything to do with them disconnecting every night?
Any help would be gratly appreciated.
John
We have one switch and that is working just fine.
If you have windows 2000 server you dont have a PDC and a BDC - you have two domain controllers, both of which hold a copy of a read/write multi-master database and one of the machines happens to hold the PDC emulator role. Sorry about that, nothing personal, but it really gets to you when you see this 20 times a day !!
Now to your question - no it should not matter that the machines are disconnected. They certainly should not loose their security association with the domain so removing and rejoing to the domain seels a little drastic. Are they switched off or put into standby or hibernated?
Does an ipconfig /release followed by ipconfig /renew cure the issue?
Now to your question - no it should not matter that the machines are disconnected. They certainly should not loose their security association with the domain so removing and rejoing to the domain seels a little drastic. Are they switched off or put into standby or hibernated?
Does an ipconfig /release followed by ipconfig /renew cure the issue?
ASKER
Sorry about the PDC/BDC thing. That is how I have to explain it to the non IT folks here.
We have a DHCP server and the machines are acquiring leases from it. IPCONFIG /release and /renew works for just that, releasing and renewing the IP but does nothing for the workstations joining the domain. I did however, run IPCONFIG /REGISTERDNS and I get the error access is denied. What si that all about?
Our ITs are using their own domain accounts to join the computers to the domain. And the users are shutting down computers vice placing them in standby or hibernate.
Thanks
John
We have a DHCP server and the machines are acquiring leases from it. IPCONFIG /release and /renew works for just that, releasing and renewing the IP but does nothing for the workstations joining the domain. I did however, run IPCONFIG /REGISTERDNS and I get the error access is denied. What si that all about?
Our ITs are using their own domain accounts to join the computers to the domain. And the users are shutting down computers vice placing them in standby or hibernate.
Thanks
John
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
The registerDNS failing does suggest a broken security association. This may work - Go to the default domain policy->Local Policies->Security Options
find Domain Controller: refuse machine account password changes and set it to ENABLED.
run gpupdate /force
restart the laptops and log on and off again at least twice and see if this does the trick - it stops machines changing their credentials - i think they may be changing credentilas and them losing them somehow.
If this does the trick and you want the other machines to be unaffected then remove this setting, put the laptops in an OU of their own and then apply a GPO directly to the laptop OU.
If if does not work remove the setting and we'll have to think again
find Domain Controller: refuse machine account password changes and set it to ENABLED.
run gpupdate /force
restart the laptops and log on and off again at least twice and see if this does the trick - it stops machines changing their credentials - i think they may be changing credentilas and them losing them somehow.
If this does the trick and you want the other machines to be unaffected then remove this setting, put the laptops in an OU of their own and then apply a GPO directly to the laptop OU.
If if does not work remove the setting and we'll have to think again
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Is your IT Staff loggin on the laptops with their Domain Credentials or with Local Adminsitrator password?
Do you have this issue with any user that log on on that machines?
Please tell us how do you assign the IP Addressing, do you have DHCP?
To check that DNS settings are correct you must:
1st. Point the Primary DNS to the DC that hosts Active Directory if it's installed there, or you can point to the DNS that hosts DNS Service
2nd. In the Forward Lookup Zone of your domain.com you need to check that Updates are enabled
Thanks
BADBOY!