Buckeroo_Banzai

asked on

Laptop missing in 2008 AD

A laptop (Win7) has been off the domain (Server 2008) for over 30 days so I had to remove it from the domain, remove the computer in AD then rejoin the domain. Logged on as both Admin and user and all seemed well until I noticed that I could not find the computer in AD. Checked event log System and found:

The session setup from the computer 2TYS4M1 failed to authenticate. The following error occurred: Access is denied.
Event ID 5808, Event Source NETLOGON, Local ID 1033

I can ping it and the logon scripts are working but AD refuses to see it. I would prefer not to have to rejoin again so am looking for alternatives. Don't really want to rename the laptop if possible either.
Mike Kline

Joe Richards has a tool that he recently released that might help  
http://blog.joeware.net/2012/06/07/2513/

These are tough errors to diagnose as Joe points out in his blog.

Thanks

Mike
Hi.

If a computer does not contact the domain for 30 days, its password expires. It will renew it automatically the next time it can contact a writeable DC. NORMALLY.
So normally, you would not need to do anything in the first place.

Regarding your problem: did you do a search (automatic search) on the domain head for that computer (not user) object and did not find it?

ASKER

@Mike  This utility looks very useful but unfortunately it requires that the computer be reset from AD and of course I cannot see it there. I will keep this for future use though. Thanks.
@McKnife This computer was connected to the domain for over 24 hours and never reestablished trust (several reboots) which is when I removed and rejoined. I searched the entire domain for it but it was not found.

This sounds most definitely like a replication problem between your DCs. Please check for that at the event logs of your DCs.

@McKnife: I rechecked the Event Logs and found this under Security:

Computer:      dc03.mydomain.lan
Description:
An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            2TYS4M1$
      Account Domain:            MyDomain

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc0000064

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      2TYS4M1
      Source Network Address:      10.1.1.126
      Source Port:            58207

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

Under Security? Not what I had thought of.
There is a log for the AD: open eventvwr, open Applications and Services Logs, open DFS Replication, DNS Server and Directory Service, and look for errors.

1) Remove the laptop from the domain
2) Reboot the laptop
3) Search AD for old laptop computer account - if found, delete
4) Log on locally on laptop and verify DNS settings are correct for local DC
5) Re-add laptop to domain
6) Reboot laptop
7) Search AD for laptop computer account
ASKER CERTIFIED SOLUTION
Buckeroo_Banzai
Discovered that I did not wait long enough for server replication.
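
Added example, not part of the thread: the Security event quoted above carries Sub Status 0xc0000064, which is STATUS_NO_SUCH_USER, meaning dc03 had no 2TYS4M1$ account at that moment, as opposed to 0xc000006a (wrong password). The Python sketch below decodes those fields from pasted event text; the function names, the status subset and the hint wording are assumptions made for this illustration.

```python
import re

# NTSTATUS codes Windows records in the Status / Sub Status fields of a
# failed-logon event. Subset chosen for this example.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE (generic logon failure)",
    0xC0000064: "STATUS_NO_SUCH_USER (account not found on this DC)",
    0xC000006A: "STATUS_WRONG_PASSWORD (account found, password mismatch)",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Constructed sample: the relevant fields of the event quoted in the thread.
SAMPLE_EVENT = """\
Computer:      dc03.mydomain.lan
Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            2TYS4M1$
      Account Domain:            MyDomain
Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc0000064
"""

def parse_fields(text):
    """Return {field: value}; for repeated fields the last occurrence wins."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s+(\S.*)$", line)
        if m:  # section headers such as "Failure Information:" have no value
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def triage(text):
    """Decode the sub status and say what it implies for a machine account."""
    f = parse_fields(text)
    sub = int(f["Sub Status"], 16)
    account = f["Account Name"]
    is_machine = account.endswith("$")  # computer accounts end in '$'
    if is_machine and sub == 0xC0000064:
        hint = "computer object missing on this DC: check replication"
    elif is_machine and sub == 0xC000006A:
        hint = "computer object present, machine password out of sync"
    else:
        hint = "see decoded status"
    return {"dc": f.get("Computer"), "account": account,
            "sub_status": NTSTATUS.get(sub, hex(sub)), "hint": hint}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```

Running the same decode against events from each DC shows which ones have received the re-created computer object and which are still waiting on replication.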