[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1504
  • Last Modified:

Issue with computer account and AD under Windows 2008 R2

I gave up and I need the help of my fellow experts!
I have a computer account which was removed from the domain properly by changed the domain group to the local on this machine. The account disappeared from the AD on the Windows 2008 R2 service, in the computers OU. Everything was fine until I received these errors:

First:

Event Log: System
Event Type: Error
Event ID: 5805
Source Name: NETLOGON
Message: The session setup from the computer IIM-05 failed to authenticate. The following error occurred:
Access is denied.

And them:

Event Log: System
Event Type: Error
Event ID: 5723
Source Name: NETLOGON
Message: The session setup from computer 'IIM-05' failed because the security database does not contain a trust account 'IIM-05$' referenced by the specified computer.

USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'IIM-05$' is a legitimate machine account for the computer 'IIM-05' then 'IIM-05' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:

If 'IIM-05$' is a legitimate machine account for the computer 'IIM-05', then 'IIM-05' should be rejoined to the domain.

If 'IIM-05$' is a legitimate interdomain trust account, then the trust should be recreated.

Otherwise, assuming that 'IIM-05$' is not a legitimate account, the following action should be taken on 'IIM-05':

If 'IIM-05' is a Domain Controller, then the trust associated with 'IIM-05$' should be deleted.

If 'IIM-05' is not a Domain Controller, it should be disjoined from the domain.

The machine is not available anymore since the HD failed and the machine was rebuild with a new image and a new name...

My question is how or where I can remove this computer account? I can't find it anywhere in the AD. I checked also the DNS, there is not entry there too!

Any clue?
0
Frederic Sune
Asked:
Frederic Sune
  • 2
2 Solutions
 
David Johnson, CD, MVPOwnerCommented:
If 'IIM-05$' is a legitimate machine account for the computer 'IIM-05', then 'IIM-05' should be rejoined to the domain.

You must have a gpo or a trust relationship explicitly set for IIM-05.

Do you want to rejoin this computer to the domain?

Did you change the domain on the affected machine or did you join it to a workgroup?

for your logon on this machine you have to use a local account not a domain account
0
 
Frederic SuneCEO, IT in MIND inc.Author Commented:
Thanks ve3ofa for your answer, here are mine:

There is no GPO on the domain for a specific computer neither explicit relationship except that the machine was a member of the domain.

Do you want to rejoin this computer to the domain? No, like I said, it's not possible, the machine with this name doesn't exist anymore...

Did you change the domain on the affected machine or did you join it to a workgroup? Joined the workgroup before I changed the HD

for your logon on this machine you have to use a local account not a domain account. It's a new installation, so yes, no choice.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
How long ago did this machine fail and was removed from the domain?

Is it possible someone had a session established from that machine, and the session has outlived the workstation?  (If it's been more than a patch cycle ago, that's probably not it.)

I see that in other cases, this has occurred because this was the ghost machine was used as a master, from which other machines are cloned.  The entries disappear after then system is sysprep'd but I assume the folks looking at the server logs aren't the same as those cloning machines.
0
 
Frederic SuneCEO, IT in MIND inc.Author Commented:
Thanks Razmus, I think you're right about the ghost session!
The machine was removed from the domain one week ago and since yesterday, I didn't get the errors anymore... That's weird! It`s the first time I saw this... Well, we learned all the time.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now