Computer Account in Active Directory

We've been seing alot of strange issue in our domain with two of our servers one named server1 and the other server2.  This all came to light when one of the computers server1 was showing up in our WSUS console.  I manauly ran wuaclt /detectnow to see if it would resolve the issue.  I checked the windows update log and it indicates its contacting the correct wsus server but still won't show up in wsus.  I then decided to disjoing and rejoing the servers to see if there was some sort of AD computers.  server2 had no problem.  server1 however disjoined and rejoined without a problem.  However the computer account never shows up ion active directory.  Normal i would expect that I wouldn't be able to log on and receive  amessage about the computer account missing or the dc is down but I was able to log on without a problem.  Any idea on this?
Who is Participating?
ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
Look at the following reg key on 2 machines and see if they match. See if the susclientid numbers are the same.


run this in a bat file (you can backup the reg key manually first if you want)

@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v PingID /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v AccountDomainSid /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate" /v SusClientId /f
net start wuauserv
wuauclt /resetauthorization /detectnow
ParanormasticCryptographic EngineerCommented:
Sometimes things end up where we don't expect them to be.  Here are a few ideas.

First thing I would check would be 'gpresult > c:\temp\gpresult.log' and look at that - might want to compare it to server2 to see what differences there are.

Try searching in ADUC for computers and remote installation servers and you can also try a custom search and select exchange server, and make sure you are searching the entire directory not just the domain.
Also make sure you are getting the name of the box correctly - I am assuming server1 is a posting alias.  Make sure to be careful of 0/O, 1/I/l, etc. I find it easiest to copy/paste from the system properties/computer name tab into notepad as its normal font usually jumps out well enough.  If you are able to search ADUC from that box with the issues you are having, then you could paste it into there directly.

I would also take a look into DNS and make sure that it is showing up properly there.

You can also try doing 'gpudate /force' and see if that might help out.
ParanormasticCryptographic EngineerCommented:
if that doesn't work, you could get a lot more information with adding the /V switch to the gpresult - normally you don't need this much info, but just in case you do I'm throwing it out there.   With normal gpresult you could get away without piping it to a log file as I included in my previous post, but with /V you have to as it will overflow your cmd box buffer.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

georgedschneiderAuthor Commented:
The starngest thing is it finally showed up and I moved the computer account from computers to the servers OU where all servers are located except for DC's. I ran ran gpupdate and then gpresults to see what was pllied and everything seems correct.  I then ran wuauclt /detetcnow to force reporting in to the wsus server.  Here's where the strange issues begin:

In the wsus consolse there seems to be something strange betwen server1 and server2.  The actual names are the smae with the only difference is the 1 and 2.  At first server1 was appearing.  Now after running wuauclt /detectnow only server 2 is appearing.  This is very starnge.  Any idea on why one server will appear and not ht other?   And occassionaly they will flip flop which one is appearing is the wsus console.
ParanormasticCryptographic EngineerCommented:
These aren't new servers, correct?  Like two built from the same image?
georgedschneiderAuthor Commented:
I assume the susid is some sort of id for wsus which makes sens since I created the second server based off a complet ebackup of the first server including the system state.  I then changed the  name which wouldn't have changed the susid.  What are /v and /f switches do?
ParanormasticCryptographic EngineerCommented:
Sorry, was out for a few days...  /v precedes the ValueName. /f forces the deletion without propmt
Whenever you use a base image to make another, it is best to use sysprep to prevent these issues.  In a best case scenario, you would run sysprep and have it power off the box, then you could boot up into an imaging program (e.g. Ghost) or some other offline backup type prior to loading windows.  This would ensure that new security identifiers, machine names, etc. are generated prior to the system coming online.

You can get sysprep.exe from the deployment tools package for whatever OS you need to sysprep.  Generally speaking whatever the newest one is will support the older ones as well, so you shouldn't have to keep a number of versions around.  Whenever a new service pack comes out, just google it, e.g. 'sysprep windows server 2003 service pack 2 download' and you should be in business:

Here are some general 'how to' type links:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.