Solved

Various issues with logging onto a SBS2003 domain

Posted on 2008-06-10
8
858 Views
Last Modified: 2013-01-01
Hi,

Recently I have started to see a lot of errors on the system log related to my own pc (errors are below). I use a local logon, I do not currenly log on to the domain. I do however use some of the network drives on the domain, I am currently using a batch file on log on to remap the network drive.

I recently installed VIsta (as a dual boot option) - I don't know if this has caused/added to the problem. The vista install has been given a different PC name.

No other workstation has this problem.

"Server - SBS2003 Standard Edtion, which acts as the DNS/DHCP server
"Workstation - XP Pro SP2

"Errors from SBS2003:
Event ID: 5805
The session setup from the computer PCNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is PCNAME$.  The following error occurred:
Access is denied.

Event ID: 5723
The session setup from computer 'PCNAME' failed because the security database does not contain a trust account 'PCNAME$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

There are also, at several points through the day, a number of logs about purging print items when this has not happened.

"Errors from Workstation:
Event ID:3210
This computer could not authenticate with \\SBSSERVER, a Windows domain controller for domain ARCHITECTING, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.


Event ID:40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

Lastly upon using netdiag the workstation also fails to form a trust relationship with the domain, but passes everything else.

Ipconfig /all shows all the correct settings.

I don't think this is a DNS issue, but is there a way to fix these issues without losing any of the account information/data?




0
Comment
Question by:girbot
  • 4
  • 3
8 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 250 total points
Comment Utility
Domain computer accounts transparently manage a password used to authenticate the computer to the domain, much like a user needs a password to authenticate to the domain. These computer account passwords transparently change every 7 days, it is possible that for some reason your computer's password could not or did not change and now it is unable to authenticate to the domain. The easiest solution for this is to disjoin the pc from the domain, remove its account form AD, then rejoin the pc to the domain to establish a new relationship to the domain.
0
 
LVL 6

Expert Comment

by:DaMaestro
Comment Utility
You may also want to verify the DNS setup. The clients and server should see the SBS server as primary DNS. One of those errors suggest it was trying a secure connection with an Internet DNS server.

Regarding Vista Dual Boot, if the computername is different and the install was in a seperate partition, it should have a different security identifier. I would suggest checking the SBS server for the correct number of computer accounts. If computer account A is the only one and it has a last modified date on or after the vista upgrade it is possible that the domain thinks the vista instance is using that SAM id.
0
 

Author Comment

by:girbot
Comment Utility
Thanks for the replies.

Both Vista and XP see the SBS server as the DNS server.


I can only see the XP PC name on the SBS server, this is true for both the sbs server management and the AD.

I am going to remove both from the domain, and re-add only the XP (the vista side is really only for testing and doesn't need to be on the domain).


0
 

Author Comment

by:girbot
Comment Utility
OK both PC names are now appearing on the SBS server, and no event log error messages have appeared so far.

I am going to monitor the event logs for a few hours then post back. I did received the below on the workstation (and the network drive also had to be remapped):

EventID: 40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

I have just checked a couple other workstations and they all receive this on log on. I am now going through the below:
http://forums.msrportal.com/archive/index.php?t-20949.html

Is this the correct solution?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 6

Expert Comment

by:raptorjb007
Comment Utility
If you are using DHCP in your domain, it may help to update the credentials used in the DHCP server's properties to update DNS.

To do this:
-Open the DHCP management console in administrative tools on your DHCP server.
-Right click the servername in the console and choose properties.
-Goto the advanced tab and choose "Credentials"
-Update the credentials and apply the changes.

As for the reverse DNS zone in DNS suggestion from the forum, having one for each subnet in your domain is always a good idea, but shouldn't be the cause.
0
 

Author Comment

by:girbot
Comment Utility
The errors in the system logs (on both SBS2003 and the workstation) have not appeared over the last two days, so the changes seem to have worked. The only problem I have now is the mapped network drives disconnecting on restart/shutdown.

With regards to updating the credentials, do I put the Administrator log in details there? (I hope that isn't as silly question as it feels...)

The reverse DNS zone has one for each subnet.

0
 
LVL 6

Expert Comment

by:raptorjb007
Comment Utility
Any domain account with domain admin rights should work.
0
 

Author Comment

by:girbot
Comment Utility
All the error logs have now stopped.

Thanks for the help and suggestions.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now