Solved

Clients Dropped From Domain

Posted on 2009-02-18
Last Modified: 2013-12-04
Recently we have had computers when we come in that are no longer in the domain. I believe that there may be a problem with a patch being deployed via Altiris patch management but cannot verify that. I have never seen this behavior before. I experienced it on my own machine and approx 60 others on the network. We are able to rejoin the computers to the domain and then some of them have dropped out a second or third time. We believe it may be a problem with XP SP3 since there are reports of unusual problems associated with that package. Does anyone know what event id is associated with a computer joining a workgroup? Domain? These are the patches that were deployed on the bulk of the machines we had the problem with.
Windows XP Hotfix KB938464 was installed.
Windows XP Hotfix KB950759 was installed.
Windows XP Hotfix KB950762 was installed.
Windows XP Hotfix KB950974 was installed.
Windows XP Hotfix KB951066 was installed.
Windows XP Hotfix KB951376 was installed.
Windows XP Hotfix KB951376-v2 was installed.
Windows XP Hotfix KB951698 was installed.
Windows XP Hotfix KB951748 was installed.
Windows XP Hotfix KB952287 was installed.
Windows XP Hotfix KB952954 was installed.
Windows XP Hotfix KB953155 was installed.
Windows XP Hotfix KB953838 was installed.
Windows XP Hotfix KB954211 was installed.
Windows XP Hotfix KB954600 was installed.
Windows XP Hotfix KB955069 was installed.
Windows XP Hotfix KB956390 was installed.
Windows XP Hotfix KB956802 was installed.
Windows XP Hotfix KB956803 was installed.
Windows XP Hotfix KB956841 was installed.
Windows XP Hotfix KB957095 was installed.
Windows XP Hotfix KB957097 was installed.
Windows XP Hotfix KB958215 was installed.
Windows XP Hotfix KB958644 was installed.
Windows XP Hotfix KB958687 was installed.
Windows XP Hotfix KB959252 was installed.
Windows XP Hotfix KB960714 was installed.
Windows XP Service Pack 3 was installed
Question by:dtchelpdesk2009
10 Comments
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 23671010
On the workstation, you'll see event ID 3260 when you join the domain (http://www.eventid.net/display.asp?eventid=3260&source=).  

Do you see any errors/warnings in your event logs around the time the machines drop out of the domain?
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 23671027
We just pushed out SP3 to over 900 XP workstations, so I doubt it's SP3.  Sounds more like a name collision issue.  If you look in the event logs, is anything being generated?
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 23671045
I agree with aleinss on the SP3 point- we've deployed it sporadically and haven't had any issues.
0

 

Author Comment

by:dtchelpdesk2009
ID: 23672223
Thank you for the ID. We are looking into the problem and will post back. If anyone has further suggestions, please post. I am not seeing anything in the event logs out of the norm. We are going to build a test system and see if we can break it.
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 23672279
Maybe turn on audit logging on your domain controllers.  If some little trouble maker is resetting the computer accounts in ADUC that could cause workstations to lose their domain memberships.
Review who has access to join/unjoin PCs from your domain.  I never heard of such a problem on such a wide scale.
Also, all workstations have been sysprepped, i.e., have their own unique GUID?
0
 
LVL 11

Accepted Solution

by:
snoopfrogg earned 2000 total points
ID: 23672417
Another thought:  Try patching a few workstations manually and see if you have any issues.  My gut tells me this is related to Altiris- this will help eliminate the patches themselves as the issue.

Also, after you patch via Altiris, are the computer accounts for these machines still in Active Directory?  The reason I ask is because it's very possible that you may need to only reset the computer accounts in AD (i.e., the computer password stored in AD and the one stored on the workstations has gotten out of sync and AD can no longer authenticate it).
0
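A triage sketch for the two checks raised in the answers above (is each machine still a domain member, and how often has it logged event ID 3260), added here as an example and not code from any poster in this thread. The host list, the 30-day window, the function name `Get-DomainJoinState`, and the assumption that event 3260 is written to the System log are assumptions of the example.

```powershell
# Added triage sketch, not from the thread. Written for Windows PowerShell 2.0-5.1,
# where Get-WmiObject and Get-EventLog exist. Defaults to the local machine.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),  # constructed default host list
    [int]$Days = 30                               # assumed look-back window
)

function Get-DomainJoinState {
    param([string]$Computer, [datetime]$After)

    $state = New-Object PSObject -Property @{
        Computer = $Computer; PartOfDomain = $null; Domain = $null
        Joins = 0; LastJoin = $null; Note = ''
    }
    try {
        # PartOfDomain is $false once the machine sits in a workgroup;
        # Domain then holds the workgroup name.
        $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $Computer -ErrorAction Stop
        $state.PartOfDomain = $cs.PartOfDomain
        $state.Domain = $cs.Domain

        # Event ID 3260 is the domain-join event named in the thread (System log assumed).
        # Match on EventID rather than -InstanceId, since the two values can differ.
        $joins = @(Get-EventLog -LogName System -ComputerName $Computer -After $After -ErrorAction Stop |
            Where-Object { $_.EventID -eq 3260 } | Sort-Object TimeGenerated)
        $state.Joins = $joins.Count
        if ($joins.Count -gt 0) { $state.LastJoin = $joins[-1].TimeGenerated }

        if (-not $cs.PartOfDomain) { $state.Note = 'In a workgroup: dropped from the domain' }
        elseif ($joins.Count -gt 1) { $state.Note = 'Joined more than once in window: repeat drop' }
    }
    catch {
        # A machine that has left the domain may reject domain credentials remotely.
        $state.Note = "Query failed: $($_.Exception.Message)"
    }
    $state
}

$since = (Get-Date).AddDays(-$Days)
$Computers | ForEach-Object { Get-DomainJoinState -Computer $_ -After $since } |
    Select-Object Computer, PartOfDomain, Domain, Joins, LastJoin, Note |
    Format-Table -AutoSize
```

Lining up the `LastJoin` times across hosts against the deployment tool's job history shows whether the drops cluster around a particular push.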
 

Author Comment

by:dtchelpdesk2009
ID: 23672784
Thank you all for your time.

aleinss:
We have requested the logs from the DCs but will not have them until sometime tomorrow. Yes, these machines have been on the network for a long time and have all been sysprepped.
snoopfrogg:
We are testing the patches one at a time with a reboot after to see if we can determine if it is a bad patch being deployed through Altiris. The accounts are still in AD and we can re-join them without resetting the accounts.
0
 

Author Comment

by:dtchelpdesk2009
ID: 23796874
We determined that the issue is due to Altiris deploying the wrong agent to the computers. The Vista Altiris client was improperly deployed to the XP boxes and was causing them to be removed from the domain.
0
 

Author Closing Comment

by:dtchelpdesk2009
ID: 31548275
I selected your solution because the problem was with Altiris, not any particular patch. Thanks for your help.
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 23797191
Ouch, that's a nasty bug in their product!
0
