?
Solved

Various issues with logging onto a SBS2003 domain

Posted on 2008-06-10
8
Medium Priority
?
877 Views
Last Modified: 2013-01-01
Hi,

Recently I have started to see a lot of errors on the system log related to my own pc (errors are below). I use a local logon, I do not currenly log on to the domain. I do however use some of the network drives on the domain, I am currently using a batch file on log on to remap the network drive.

I recently installed VIsta (as a dual boot option) - I don't know if this has caused/added to the problem. The vista install has been given a different PC name.

No other workstation has this problem.

"Server - SBS2003 Standard Edtion, which acts as the DNS/DHCP server
"Workstation - XP Pro SP2

"Errors from SBS2003:
Event ID: 5805
The session setup from the computer PCNAME failed to authenticate. The name(s) of the account(s) referenced in the security database is PCNAME$.  The following error occurred:
Access is denied.

Event ID: 5723
The session setup from computer 'PCNAME' failed because the security database does not contain a trust account 'PCNAME$' referenced by the specified computer.  

USER ACTION  
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:  

There are also, at several points through the day, a number of logs about purging print items when this has not happened.

"Errors from Workstation:
Event ID:3210
This computer could not authenticate with \\SBSSERVER, a Windows domain controller for domain ARCHITECTING, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.


Event ID:40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

Lastly upon using netdiag the workstation also fails to form a trust relationship with the domain, but passes everything else.

Ipconfig /all shows all the correct settings.

I don't think this is a DNS issue, but is there a way to fix these issues without losing any of the account information/data?




0
Comment
Question by:girbot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 6

Accepted Solution

by:
raptorjb007 earned 750 total points
ID: 21753286
Domain computer accounts transparently manage a password used to authenticate the computer to the domain, much like a user needs a password to authenticate to the domain. These computer account passwords transparently change every 7 days, it is possible that for some reason your computer's password could not or did not change and now it is unable to authenticate to the domain. The easiest solution for this is to disjoin the pc from the domain, remove its account form AD, then rejoin the pc to the domain to establish a new relationship to the domain.
0
 
LVL 6

Expert Comment

by:DaMaestro
ID: 21756511
You may also want to verify the DNS setup. The clients and server should see the SBS server as primary DNS. One of those errors suggest it was trying a secure connection with an Internet DNS server.

Regarding Vista Dual Boot, if the computername is different and the install was in a seperate partition, it should have a different security identifier. I would suggest checking the SBS server for the correct number of computer accounts. If computer account A is the only one and it has a last modified date on or after the vista upgrade it is possible that the domain thinks the vista instance is using that SAM id.
0
 

Author Comment

by:girbot
ID: 21757858
Thanks for the replies.

Both Vista and XP see the SBS server as the DNS server.


I can only see the XP PC name on the SBS server, this is true for both the sbs server management and the AD.

I am going to remove both from the domain, and re-add only the XP (the vista side is really only for testing and doesn't need to be on the domain).


0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 

Author Comment

by:girbot
ID: 21758042
OK both PC names are now appearing on the SBS server, and no event log error messages have appeared so far.

I am going to monitor the event logs for a few hours then post back. I did received the below on the workstation (and the network drive also had to be remapped):

EventID: 40961
The Security System could not establish a secured connection with the server DNS/chia.arin.net.  No authentication protocol was available.

I have just checked a couple other workstations and they all receive this on log on. I am now going through the below:
http://forums.msrportal.com/archive/index.php?t-20949.html

Is this the correct solution?
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21774603
If you are using DHCP in your domain, it may help to update the credentials used in the DHCP server's properties to update DNS.

To do this:
-Open the DHCP management console in administrative tools on your DHCP server.
-Right click the servername in the console and choose properties.
-Goto the advanced tab and choose "Credentials"
-Update the credentials and apply the changes.

As for the reverse DNS zone in DNS suggestion from the forum, having one for each subnet in your domain is always a good idea, but shouldn't be the cause.
0
 

Author Comment

by:girbot
ID: 21777158
The errors in the system logs (on both SBS2003 and the workstation) have not appeared over the last two days, so the changes seem to have worked. The only problem I have now is the mapped network drives disconnecting on restart/shutdown.

With regards to updating the credentials, do I put the Administrator log in details there? (I hope that isn't as silly question as it feels...)

The reverse DNS zone has one for each subnet.

0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21778077
Any domain account with domain admin rights should work.
0
 

Author Comment

by:girbot
ID: 21811085
All the error logs have now stopped.

Thanks for the help and suggestions.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question