Solved

Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain

Posted on 2012-04-11
3
672 Views
Last Modified: 2012-04-30
Hey

Some of our computers gets the following error: (Windows ThinPC)

Event ID: 3210Source: NETLOGON
Type: Error
Description:
Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain <domain name>.

If we rejoin the computers - they work again.

But why? (no other computers has taken the computername)
0
Comment
Question by:mikeydk
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37836322
This is mainly due to secure channel broken between the workstation and the domain.

When you unjoin and rejoin the computer , computer account passowrd will get reset and it will in sync with Active directory.

I would recommand you to go through below link to understand this better.

http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationshitp-between-workstation-and-primary-domain-failed-en-us.aspx

Also refer below link which explains this behvaiour in detail.

http://support.microsoft.com/default.aspx?scid=kb;en-us;555038
http://eventid.net/display.asp?eventid=3210&eventno=1115&source=NETLOGON&phase=1

Regards,

_Prashant_
0
 

Author Comment

by:mikeydk
ID: 37836353
Is there any way to see if the SID on the Computeraccount in the AD equls the SID on the local computer?
0
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 500 total points
ID: 37836421
A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account.

On AD there are mutiple ways

1.Login to domain controller---->launch ADSIEdit---->Go to the path where computer object is stored---->Properties---->Attribute editor------->SID

2. You can use below command line to get the computer SID,

dsquery * -filter "(objectcategory=computer)" -attr objectsid (Run this on DC)

3.Or you can use Joe's Adfine Tool.

adfind -default -f objectcategory=computer objectsid

Regards,

_Prashant_
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question