printmedia
Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found.
Hello,
We are having an issue where one computer on the network isn't able to log on to the domain because it gives the error stated in the title of this post. The DC is a Windows Server 2003 SBS machine, and it's up and running. I even tried restarting the DC and the client machine, and the issue still persists. The DHCP on the DC isn't configured and isn't running, so the "DHCP Server" is actually a Linksys router; that's what's handing out IPs. It's a small environment, only about 5-6 computers, so that's why they have been able to get away with not having the DC be the DHCP server. Regardless, everything has been working fine up to now, and it's only this one computer.
Just for reference the computer name of the problem machine is "CARLOS"
When I look at the server event viewer the following event is logged which I think is related to the issue:
"The session setup from the computer CARLOS failed to authenticate. The name(s) of the account(s) referenced in the security database is CARLOS$. The following error occurred:
Access is denied. "
Then the following error is logged right after:
"The kerberos client received a KRB_AP_ERR_MODIFIED error from the server CARLOS$. The target name used was cifs/CARLOS. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (PROLOCKANDSAFE.LOCAL), and the client realm. Please contact your system administrator."
I've looked around the internet for solutions to this problem and I've already verified the time on the client computer and time on the server are identical or no more than 5 minutes apart, and they are actually one minute apart, which shouldn't be causing the issue. I've also looked at the DNS and made sure that there aren't duplicate A records using the same IP address that this problem computer is using, and there aren't. I've tried running WinSock XP 1.2, but that didn't work either.
The only thing I haven't tried doing is removing the computer from the domain, deleting the computer account from AD, renaming the computer and rejoining it to the domain. It seems according to the articles I've read that this is the way to really fix it, but I'm wary about removing the computer from the domain in case I encounter another error when trying to rejoin the computer.
Any help or advice would be greatly appreciated, thank you!
Make sure the router is handing out your Server for DNS only.
just in case:
netsh winsock reset
reboot
delete the computer account and rejoin.
if the computer has wireless, try to connect using an Ethernet cable
ASKER
I'm going to try removing the computer from the domain now, but dariusq what do you mean? That in the router settings under the DHCP settings I add the server IP address to the Static DNS 1 field?
the router points to the dns server (in the domain)
Post ipconfig /all from client
The router DHCP settings should have static setting pointing to the local domain dns servers
ASKER
I looked at what the DNS IP is on the client computer and it's using the ISP's DNS address, all the computers on the network have that IP address as their DNS server.
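The check the replies above make by eye on a posted ipconfig /all, written out as an added example (not code from the thread): it parses the raw command output, including extra DNS servers listed on continuation lines, and reports every DNS server that is not the domain's DNS server. The client capture, its 192.168.1.105 address and the 203.0.113.x resolvers are constructed stand-ins; 192.168.1.140 is the server address posted later in the thread, and the parser assumes the output's original indentation is intact.

```python
import re

# "Label . . . . : value" line; labels are padded with " ." up to the colon.
FIELD = re.compile(r"^\s+(?P<key>.*?)\s*(?:\. )+:\s?(?P<val>.*)$")

def parse_ipconfig(text):
    """Parse raw `ipconfig /all` text into {section: {label: [values]}}."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line = section header
            current = sections.setdefault(line.strip().rstrip(":"), {})
            last = None
            continue
        m = FIELD.match(line)
        if m and current is not None:
            last = current.setdefault(m["key"], [])
            if m["val"].strip():
                last.append(m["val"].strip())
        elif last is not None:                 # continuation: extra DNS/WINS entry
            last.append(line.strip())
    return sections

def foreign_dns(text, domain_dns):
    """Return (adapter, server) pairs for DNS servers outside domain_dns."""
    return [(name, server)
            for name, fields in parse_ipconfig(text).items()
            for server in fields.get("DNS Servers", [])
            if server not in domain_dns]

# Constructed client capture: 203.0.113.x stands in for the ISP resolvers.
CLIENT = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CARLOS

Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.105
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
"""

if __name__ == "__main__":
    for adapter, server in foreign_dns(CLIENT, {"192.168.1.140"}):
        print(f"{adapter}: DNS server {server} is not the domain DNS server")
```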
ASKER
Alright I changed the settings on the router so the router assigns the server's IP as the DNS server.
I just removed the computer from the domain, restarted, I also renamed the computer to something else, and restarted.
Now when I add the computer back to the domain, should I use the SBS script (http://servername/connectcomputer) or should I just do it from the client through Control Panel -> System?
If you are running SBS then go through the connect computer link
ASKER
I went through the connect computer link and I got the following error:
"The list of users and computers could not be found on the server. Make sure that the Small Business Server network adapters are configured correctly."
So I went through Control Panel -> System and I was able to join it to the domain that way.
The computer restarted and now a domain account can log in to the computer without receiving that message that's in the title. This is good news, but the error that I received when trying to go to ConnectComputer is a little odd.
I know that's not the original subject of this thread but if anyone has some insight on that it would be great.
post ipconfig /all from server
ASKER
Here it is:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PROLOCK1
Primary Dns Suffix . . . . . . . : prolockandsafe.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : prolockandsafe.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Connection
Physical Address. . . . . . . . . : 00-11-43-1E-36-3B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.140
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.140
Primary WINS Server . . . . . . . : 192.168.1.110
C:\Documents and Settings\Administrator>
Looks good to me.
Not sure about the computer connect issue.
ASKER
Thank you everyone for helping.