Authentication problems on Windows 2003 Domain
Posted on 2011-03-01
We are experiencing intermittent authentication problems on this Windows 2003 domain.
It used to have a BDC located offsite and connected through a VPN, but this has been discontinued. We have removed the record of the BDC from the Active Directory Domain Controllers folder.
Since then we have been having varied problems across the network.
Outlook suddenly asks for a username and password, cannot see the content of a shared folder.
Rebooting the machine usually fixes the problem.
Event Viewer shows these errors:
Event ID 4
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc.domain.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DOMAIN.COM), and the client realm. Please contact your system administrator.
Event ID: 1054 Windows cannot obtain the domain controller name for your computer network (An unexpected network error occurred). Group policy processing aborted
Lately we had a workstation not able to log on to the domain with this error:
The trust relationship between the primary domain and the trusted domain failed.
We had to rejoin the domain to resolve the issue.
Today our development server is not accessible, except that it responds to pings and RDC.
Event ID: 3210, Source: Netlogon
This computer could not authenticate with \\OLDBDC.domain.com, a Windows domain controller for domain DOMAIN, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator
Event ID: 5719, Source: Netlogon
This computer was not able to set up a secure session with a domain controller in domain DOMAIN due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your system administrator
The old BDC record seems to stay somewhere on the other servers and workstations even though it was removed from Active Directory and the DNS server.
Any ideas?