Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Various issues with logging onto a SBS2003 domain

Posted on 2008-06-10
8
Medium Priority
?
882 Views
Last Modified: 2013-01-01
Hi,

Recently I have started to see a lot of errors on the system log related to my own pc (errors are below). I use a local logon, I do not currenly log on to the domain. I do however use some of the network drives on the domain, I am currently using a batch file on log on to remap the network drive.

I recently installed VIsta (as a dual boot option) - I don't know if this has caused/added to the problem. The vista install has been given a different PC name.

No other workstation has this problem.

"Server - SBS2003 Standard Edtion, which acts as the DNS/DHCP server
"Workstation - XP Pro SP2

"Errors from SBS2003:
Event ID: 5805
The session setup from the computer PCNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is PCNAME$.  The following error occurred:
Access is denied.

Event ID: 5723
The session setup from computer 'PCNAME' failed because the security database does not contain a trust account 'PCNAME$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

There are also, at several points through the day, a number of logs about purging print items when this has not happened.

"Errors from Workstation:
Event ID:3210
This computer could not authenticate with \\SBSSERVER, a Windows domain controller for domain ARCHITECTING, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.


Event ID:40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

Lastly upon using netdiag the workstation also fails to form a trust relationship with the domain, but passes everything else.

Ipconfig /all shows all the correct settings.

I don't think this is a DNS issue, but is there a way to fix these issues without losing any of the account information/data?




0
Comment
Question by:girbot
  • 4
  • 3
8 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 750 total points
ID: 21753286
Domain computer accounts transparently manage a password used to authenticate the computer to the domain, much like a user needs a password to authenticate to the domain. These computer account passwords transparently change every 7 days, it is possible that for some reason your computer's password could not or did not change and now it is unable to authenticate to the domain. The easiest solution for this is to disjoin the pc from the domain, remove its account form AD, then rejoin the pc to the domain to establish a new relationship to the domain.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21756511
You may also want to verify the DNS setup. The clients and server should see the SBS server as primary DNS. One of those errors suggest it was trying a secure connection with an Internet DNS server.

Regarding Vista Dual Boot, if the computername is different and the install was in a seperate partition, it should have a different security identifier. I would suggest checking the SBS server for the correct number of computer accounts. If computer account A is the only one and it has a last modified date on or after the vista upgrade it is possible that the domain thinks the vista instance is using that SAM id.
0
 

Author Comment

by:girbot
ID: 21757858
Thanks for the replies.

Both Vista and XP see the SBS server as the DNS server.


I can only see the XP PC name on the SBS server, this is true for both the sbs server management and the AD.

I am going to remove both from the domain, and re-add only the XP (the vista side is really only for testing and doesn't need to be on the domain).


0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:girbot
ID: 21758042
OK both PC names are now appearing on the SBS server, and no event log error messages have appeared so far.

I am going to monitor the event logs for a few hours then post back. I did received the below on the workstation (and the network drive also had to be remapped):

EventID: 40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

I have just checked a couple other workstations and they all receive this on log on. I am now going through the below:
http://forums.msrportal.com/archive/index.php?t-20949.html

Is this the correct solution?
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21774603
If you are using DHCP in your domain, it may help to update the credentials used in the DHCP server's properties to update DNS.

To do this:
-Open the DHCP management console in administrative tools on your DHCP server.
-Right click the servername in the console and choose properties.
-Goto the advanced tab and choose "Credentials"
-Update the credentials and apply the changes.

As for the reverse DNS zone in DNS suggestion from the forum, having one for each subnet in your domain is always a good idea, but shouldn't be the cause.
0
 

Author Comment

by:girbot
ID: 21777158
The errors in the system logs (on both SBS2003 and the workstation) have not appeared over the last two days, so the changes seem to have worked. The only problem I have now is the mapped network drives disconnecting on restart/shutdown.

With regards to updating the credentials, do I put the Administrator log in details there? (I hope that isn't as silly question as it feels...)

The reverse DNS zone has one for each subnet.

0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21778077
Any domain account with domain admin rights should work.
0
 

Author Comment

by:girbot
ID: 21811085
All the error logs have now stopped.

Thanks for the help and suggestions.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question