?
Solved

Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain

Posted on 2012-04-11
3
Medium Priority
?
683 Views
Last Modified: 2012-04-30
Hey

Some of our computers gets the following error: (Windows ThinPC)

Event ID: 3210Source: NETLOGON
Type: Error
Description:
Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain <domain name>.

If we rejoin the computers - they work again.

But why? (no other computers has taken the computername)
0
Comment
Question by:mikeydk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37836322
This is mainly due to secure channel broken between the workstation and the domain.

When you unjoin and rejoin the computer , computer account passowrd will get reset and it will in sync with Active directory.

I would recommand you to go through below link to understand this better.

http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationshitp-between-workstation-and-primary-domain-failed-en-us.aspx

Also refer below link which explains this behvaiour in detail.

http://support.microsoft.com/default.aspx?scid=kb;en-us;555038
http://eventid.net/display.asp?eventid=3210&eventno=1115&source=NETLOGON&phase=1

Regards,

_Prashant_
0
 

Author Comment

by:mikeydk
ID: 37836353
Is there any way to see if the SID on the Computeraccount in the AD equls the SID on the local computer?
0
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 2000 total points
ID: 37836421
A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account.

On AD there are mutiple ways

1.Login to domain controller---->launch ADSIEdit---->Go to the path where computer object is stored---->Properties---->Attribute editor------->SID

2. You can use below command line to get the computer SID,

dsquery * -filter "(objectcategory=computer)" -attr objectsid (Run this on DC)

3.Or you can use Joe's Adfine Tool.

adfind -default -f objectcategory=computer objectsid

Regards,

_Prashant_
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question