[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain

Posted on 2012-04-11
3
Medium Priority
?
691 Views
Last Modified: 2012-04-30
Hey

Some of our computers gets the following error: (Windows ThinPC)

Event ID: 3210Source: NETLOGON
Type: Error
Description:
Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain <domain name>.

If we rejoin the computers - they work again.

But why? (no other computers has taken the computername)
0
Comment
Question by:mikeydk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37836322
This is mainly due to secure channel broken between the workstation and the domain.

When you unjoin and rejoin the computer , computer account passowrd will get reset and it will in sync with Active directory.

I would recommand you to go through below link to understand this better.

http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationshitp-between-workstation-and-primary-domain-failed-en-us.aspx

Also refer below link which explains this behvaiour in detail.

http://support.microsoft.com/default.aspx?scid=kb;en-us;555038
http://eventid.net/display.asp?eventid=3210&eventno=1115&source=NETLOGON&phase=1

Regards,

_Prashant_
0
 
LVL 1

Author Comment

by:mikeydk
ID: 37836353
Is there any way to see if the SID on the Computeraccount in the AD equls the SID on the local computer?
0
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 2000 total points
ID: 37836421
A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account.

On AD there are mutiple ways

1.Login to domain controller---->launch ADSIEdit---->Go to the path where computer object is stored---->Properties---->Attribute editor------->SID

2. You can use below command line to get the computer SID,

dsquery * -filter "(objectcategory=computer)" -attr objectsid (Run this on DC)

3.Or you can use Joe's Adfine Tool.

adfind -default -f objectcategory=computer objectsid

Regards,

_Prashant_
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question