Solved

Computer Account in Active Directory

Posted on 2008-10-16
7
344 Views
Last Modified: 2011-10-03
We've been seing alot of strange issue in our domain with two of our servers one named server1 and the other server2.  This all came to light when one of the computers server1 was showing up in our WSUS console.  I manauly ran wuaclt /detectnow to see if it would resolve the issue.  I checked the windows update log and it indicates its contacting the correct wsus server but still won't show up in wsus.  I then decided to disjoing and rejoing the servers to see if there was some sort of AD computers.  server2 had no problem.  server1 however disjoined and rejoined without a problem.  However the computer account never shows up ion active directory.  Normal i would expect that I wouldn't be able to log on and receive  amessage about the computer account missing or the dc is down but I was able to log on without a problem.  Any idea on this?
0
Comment
Question by:georgedschneider
  • 5
  • 2
7 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22731428
Sometimes things end up where we don't expect them to be.  Here are a few ideas.

First thing I would check would be 'gpresult > c:\temp\gpresult.log' and look at that - might want to compare it to server2 to see what differences there are.

Try searching in ADUC for computers and remote installation servers and you can also try a custom search and select exchange server, and make sure you are searching the entire directory not just the domain.
Also make sure you are getting the name of the box correctly - I am assuming server1 is a posting alias.  Make sure to be careful of 0/O, 1/I/l, etc. I find it easiest to copy/paste from the system properties/computer name tab into notepad as its normal font usually jumps out well enough.  If you are able to search ADUC from that box with the issues you are having, then you could paste it into there directly.

I would also take a look into DNS and make sure that it is showing up properly there.

You can also try doing 'gpudate /force' and see if that might help out.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22731487
if that doesn't work, you could get a lot more information with adding the /V switch to the gpresult - normally you don't need this much info, but just in case you do I'm throwing it out there.   With normal gpresult you could get away without piping it to a log file as I included in my previous post, but with /V you have to as it will overflow your cmd box buffer.
0
 

Author Comment

by:georgedschneider
ID: 22733743
The starngest thing is it finally showed up and I moved the computer account from computers to the servers OU where all servers are located except for DC's. I ran ran gpupdate and then gpresults to see what was pllied and everything seems correct.  I then ran wuauclt /detetcnow to force reporting in to the wsus server.  Here's where the strange issues begin:

In the wsus consolse there seems to be something strange betwen server1 and server2.  The actual names are the smae with the only difference is the 1 and 2.  At first server1 was appearing.  Now after running wuauclt /detectnow only server 2 is appearing.  This is very starnge.  Any idea on why one server will appear and not ht other?   And occassionaly they will flip flop which one is appearing is the wsus console.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 31

Expert Comment

by:Paranormastic
ID: 22735129
These aren't new servers, correct?  Like two built from the same image?
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 22735238
Look at the following reg key on 2 machines and see if they match. See if the susclientid numbers are the same.

hkey_local_machine\software\microsoft\windows\currentversion\windowsupdate.

run this in a bat file (you can backup the reg key manually first if you want)

@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
0
 

Author Comment

by:georgedschneider
ID: 22735840
I assume the susid is some sort of id for wsus which makes sens since I created the second server based off a complet ebackup of the first server including the system state.  I then changed the  name which wouldn't have changed the susid.  What are /v and /f switches do?
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22769546
Sorry, was out for a few days...  /v precedes the ValueName. /f forces the deletion without propmt
Whenever you use a base image to make another, it is best to use sysprep to prevent these issues.  In a best case scenario, you would run sysprep and have it power off the box, then you could boot up into an imaging program (e.g. Ghost) or some other offline backup type prior to loading windows.  This would ensure that new security identifiers, machine names, etc. are generated prior to the system coming online.

You can get sysprep.exe from the deployment tools package for whatever OS you need to sysprep.  Generally speaking whatever the newest one is will support the older ones as well, so you shouldn't have to keep a number of versions around.  Whenever a new service pack comes out, just google it, e.g. 'sysprep windows server 2003 service pack 2 download' and you should be in business:
http://www.microsoft.com/downloads/details.aspx?FamilyID=93f20bb1-97aa-4356-8b43-9584b7e72556&displaylang=en

Here are some general 'how to' type links:
http://support.microsoft.com/kb/302577
http://www.petri.co.il/using_sysprep_in_an_image_based_installation.htm
http://www.windows-noob.com/forums/index.php?showtopic=195
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now