Solved

Various issues with logging onto a SBS2003 domain

Posted on 2008-06-10
8
863 Views
Last Modified: 2013-01-01
Hi,

Recently I have started to see a lot of errors on the system log related to my own pc (errors are below). I use a local logon, I do not currenly log on to the domain. I do however use some of the network drives on the domain, I am currently using a batch file on log on to remap the network drive.

I recently installed VIsta (as a dual boot option) - I don't know if this has caused/added to the problem. The vista install has been given a different PC name.

No other workstation has this problem.

"Server - SBS2003 Standard Edtion, which acts as the DNS/DHCP server
"Workstation - XP Pro SP2

"Errors from SBS2003:
Event ID: 5805
The session setup from the computer PCNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is PCNAME$.  The following error occurred:
Access is denied.

Event ID: 5723
The session setup from computer 'PCNAME' failed because the security database does not contain a trust account 'PCNAME$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

There are also, at several points through the day, a number of logs about purging print items when this has not happened.

"Errors from Workstation:
Event ID:3210
This computer could not authenticate with \\SBSSERVER, a Windows domain controller for domain ARCHITECTING, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.


Event ID:40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

Lastly upon using netdiag the workstation also fails to form a trust relationship with the domain, but passes everything else.

Ipconfig /all shows all the correct settings.

I don't think this is a DNS issue, but is there a way to fix these issues without losing any of the account information/data?




0
Comment
Question by:girbot
  • 4
  • 3
8 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 250 total points
ID: 21753286
Domain computer accounts transparently manage a password used to authenticate the computer to the domain, much like a user needs a password to authenticate to the domain. These computer account passwords transparently change every 7 days, it is possible that for some reason your computer's password could not or did not change and now it is unable to authenticate to the domain. The easiest solution for this is to disjoin the pc from the domain, remove its account form AD, then rejoin the pc to the domain to establish a new relationship to the domain.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21756511
You may also want to verify the DNS setup. The clients and server should see the SBS server as primary DNS. One of those errors suggest it was trying a secure connection with an Internet DNS server.

Regarding Vista Dual Boot, if the computername is different and the install was in a seperate partition, it should have a different security identifier. I would suggest checking the SBS server for the correct number of computer accounts. If computer account A is the only one and it has a last modified date on or after the vista upgrade it is possible that the domain thinks the vista instance is using that SAM id.
0
 

Author Comment

by:girbot
ID: 21757858
Thanks for the replies.

Both Vista and XP see the SBS server as the DNS server.


I can only see the XP PC name on the SBS server, this is true for both the sbs server management and the AD.

I am going to remove both from the domain, and re-add only the XP (the vista side is really only for testing and doesn't need to be on the domain).


0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:girbot
ID: 21758042
OK both PC names are now appearing on the SBS server, and no event log error messages have appeared so far.

I am going to monitor the event logs for a few hours then post back. I did received the below on the workstation (and the network drive also had to be remapped):

EventID: 40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

I have just checked a couple other workstations and they all receive this on log on. I am now going through the below:
http://forums.msrportal.com/archive/index.php?t-20949.html

Is this the correct solution?
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21774603
If you are using DHCP in your domain, it may help to update the credentials used in the DHCP server's properties to update DNS.

To do this:
-Open the DHCP management console in administrative tools on your DHCP server.
-Right click the servername in the console and choose properties.
-Goto the advanced tab and choose "Credentials"
-Update the credentials and apply the changes.

As for the reverse DNS zone in DNS suggestion from the forum, having one for each subnet in your domain is always a good idea, but shouldn't be the cause.
0
 

Author Comment

by:girbot
ID: 21777158
The errors in the system logs (on both SBS2003 and the workstation) have not appeared over the last two days, so the changes seem to have worked. The only problem I have now is the mapped network drives disconnecting on restart/shutdown.

With regards to updating the credentials, do I put the Administrator log in details there? (I hope that isn't as silly question as it feels...)

The reverse DNS zone has one for each subnet.

0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21778077
Any domain account with domain admin rights should work.
0
 

Author Comment

by:girbot
ID: 21811085
All the error logs have now stopped.

Thanks for the help and suggestions.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question