Solved

Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain

Posted on 2012-04-11
3
656 Views
Last Modified: 2012-04-30
Hey

Some of our computers gets the following error: (Windows ThinPC)

Event ID: 3210Source: NETLOGON
Type: Error
Description:
Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain <domain name>.

If we rejoin the computers - they work again.

But why? (no other computers has taken the computername)
0
Comment
Question by:mikeydk
  • 2
3 Comments
 
LVL 10

Expert Comment

by:Prashant Girennavar
ID: 37836322
This is mainly due to secure channel broken between the workstation and the domain.

When you unjoin and rejoin the computer , computer account passowrd will get reset and it will in sync with Active directory.

I would recommand you to go through below link to understand this better.

http://social.technet.microsoft.com/wiki/contents/articles/9157.trust-relationshitp-between-workstation-and-primary-domain-failed-en-us.aspx

Also refer below link which explains this behvaiour in detail.

http://support.microsoft.com/default.aspx?scid=kb;en-us;555038
http://eventid.net/display.asp?eventid=3210&eventno=1115&source=NETLOGON&phase=1

Regards,

_Prashant_
0
 

Author Comment

by:mikeydk
ID: 37836353
Is there any way to see if the SID on the Computeraccount in the AD equls the SID on the local computer?
0
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 500 total points
ID: 37836421
A computer's SID is stored in the Registry's SECURITY hive under SECURITY\SAM\Domains\Account.

On AD there are mutiple ways

1.Login to domain controller---->launch ADSIEdit---->Go to the path where computer object is stored---->Properties---->Attribute editor------->SID

2. You can use below command line to get the computer SID,

dsquery * -filter "(objectcategory=computer)" -attr objectsid (Run this on DC)

3.Or you can use Joe's Adfine Tool.

adfind -default -f objectcategory=computer objectsid

Regards,

_Prashant_
0

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now