Solved

Various issues with logging onto a SBS2003 domain

Posted on 2008-06-10
8
873 Views
Last Modified: 2013-01-01
Hi,

Recently I have started to see a lot of errors on the system log related to my own pc (errors are below). I use a local logon, I do not currenly log on to the domain. I do however use some of the network drives on the domain, I am currently using a batch file on log on to remap the network drive.

I recently installed VIsta (as a dual boot option) - I don't know if this has caused/added to the problem. The vista install has been given a different PC name.

No other workstation has this problem.

"Server - SBS2003 Standard Edtion, which acts as the DNS/DHCP server
"Workstation - XP Pro SP2

"Errors from SBS2003:
Event ID: 5805
The session setup from the computer PCNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is PCNAME$.  The following error occurred:
Access is denied.

Event ID: 5723
The session setup from computer 'PCNAME' failed because the security database does not contain a trust account 'PCNAME$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

There are also, at several points through the day, a number of logs about purging print items when this has not happened.

"Errors from Workstation:
Event ID:3210
This computer could not authenticate with \\SBSSERVER, a Windows domain controller for domain ARCHITECTING, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.


Event ID:40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

Lastly upon using netdiag the workstation also fails to form a trust relationship with the domain, but passes everything else.

Ipconfig /all shows all the correct settings.

I don't think this is a DNS issue, but is there a way to fix these issues without losing any of the account information/data?




0
Comment
Question by:girbot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 250 total points
ID: 21753286
Domain computer accounts transparently manage a password used to authenticate the computer to the domain, much like a user needs a password to authenticate to the domain. These computer account passwords transparently change every 7 days, it is possible that for some reason your computer's password could not or did not change and now it is unable to authenticate to the domain. The easiest solution for this is to disjoin the pc from the domain, remove its account form AD, then rejoin the pc to the domain to establish a new relationship to the domain.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21756511
You may also want to verify the DNS setup. The clients and server should see the SBS server as primary DNS. One of those errors suggest it was trying a secure connection with an Internet DNS server.

Regarding Vista Dual Boot, if the computername is different and the install was in a seperate partition, it should have a different security identifier. I would suggest checking the SBS server for the correct number of computer accounts. If computer account A is the only one and it has a last modified date on or after the vista upgrade it is possible that the domain thinks the vista instance is using that SAM id.
0
 

Author Comment

by:girbot
ID: 21757858
Thanks for the replies.

Both Vista and XP see the SBS server as the DNS server.


I can only see the XP PC name on the SBS server, this is true for both the sbs server management and the AD.

I am going to remove both from the domain, and re-add only the XP (the vista side is really only for testing and doesn't need to be on the domain).


0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:girbot
ID: 21758042
OK both PC names are now appearing on the SBS server, and no event log error messages have appeared so far.

I am going to monitor the event logs for a few hours then post back. I did received the below on the workstation (and the network drive also had to be remapped):

EventID: 40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

I have just checked a couple other workstations and they all receive this on log on. I am now going through the below:
http://forums.msrportal.com/archive/index.php?t-20949.html

Is this the correct solution?
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21774603
If you are using DHCP in your domain, it may help to update the credentials used in the DHCP server's properties to update DNS.

To do this:
-Open the DHCP management console in administrative tools on your DHCP server.
-Right click the servername in the console and choose properties.
-Goto the advanced tab and choose "Credentials"
-Update the credentials and apply the changes.

As for the reverse DNS zone in DNS suggestion from the forum, having one for each subnet in your domain is always a good idea, but shouldn't be the cause.
0
 

Author Comment

by:girbot
ID: 21777158
The errors in the system logs (on both SBS2003 and the workstation) have not appeared over the last two days, so the changes seem to have worked. The only problem I have now is the mapped network drives disconnecting on restart/shutdown.

With regards to updating the credentials, do I put the Administrator log in details there? (I hope that isn't as silly question as it feels...)

The reverse DNS zone has one for each subnet.

0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21778077
Any domain account with domain admin rights should work.
0
 

Author Comment

by:girbot
ID: 21811085
All the error logs have now stopped.

Thanks for the help and suggestions.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many software programs on offer that will claim to magically speed up your computer. The best advice I can give you is to avoid them like the plague, because they will often cause far more problems than they solve. Try some of these "do it…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question