Solved

Need help sorting things out, dealing with cached credentials, Outlook 2010, and network settings.

Posted on 2013-01-15
Last Modified: 2013-01-22
My place of work has two separate buildings and both are set up with domain controllers. One via wireless networking and the other wired. Both domains are named the same.

My boss had been using a PC with Mark's user profile on the wired network. She then brought it over to the other building (that uses wireless networking) and was able to access and send email via Outlook 2010 using Mark's profile (probably via cached credentials). It was NOT set to log in to the wireless networking domain controller yet.

Life was happy until I decided to add this computer to the wireless domain. Since I am somewhat new to setting up networking settings, I couldn't add the PC to the wireless initially and tried a few different things. (I had all sorts of messages about Trust Relationships, DNS Server not found, etc.) One thing I tried was changing the computer name, MARK02-PC to MARK02PC. I also tried to Reset the Computer in AD User/Computer, also Deleted the Computer from list of Domain Computers and added it back while inside AD User/Computer. Also tried leaving and re-entering the domain.

Eventually, after trial and error I changed the computer name back to the original MARK02-PC and was able to get it logged into the wireless domain. (I pointed the wireless adapter to the IP address of the DNS server).

The bad thing now is my boss can no longer log in to the Mark user profile (cached credentials erased?). I am hoping to take it back over to the building with the wired network, log in as Mark and regain the credentials. Will this work? I hope so, Mark user account has very important emails.

I hope my changing of the computer name had no effect on the SID?
0
Question by:tcai1976
7 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 38781389
Renaming the computer will not change the SID but deleting it will.

I'm not sure what you meant by...
...also Deleted the Computer from list of Domain Computers and added it back while inside AD User/Computer.

However, this has nothing to do with Mark's emails you are concerned about.

The email should be archived in the .pst file on the computer unless you are using a roaming profile or folder redirection which means everything would be on the home directory of the user.

Inability to log on to the domain is most likely because there is no trust relationship between the wireless network and the domain that houses the user account.

The idea of connecting the computer back to the wired LAN is a good decision. The logon info will be cached after the first logon. My guess is you are not using a RADIUS server to integrate the wireless network with your domain.
0
 

Author Comment

by:tcai1976
ID: 38782086
Hi. Thanks for your assistance.

To clarify what I meant by "also Deleted the Computer from list of Domain Computers and added it back while inside AD User/Computer." - On the domain controller that is running Windows Server 2008, I deleted the computer MARK02-PC while within the Active Directory Users and Computers window (i.e., I selected to "Delete" the computer from the sub-folder that listed all computers on the domain).

I went back to her client machine and renamed it MARK02PC.

Then I went to the domain controller again and manually added her machine to the list of computers inside of Active Directory Users and Computers. This time I added the computer again as MARK02PC.

Bear in mind I did this to try and 'fix' the trust relationship issue between her computer and the wireless network. Removing the client computer, renaming, and adding it back manually to the domain controller's list of computers didn't work.

I then removed MARK02PC from the domain controller AD U&C computer list, renamed the client machine back to MARK02-PC as previous and then added it back to the domain controller computer list. This time I pointed the wireless adapter to use a preferred DNS Server (it had been previously set to Obtain DNS Server Automatically) and was able to join her client machine to the wireless domain.

Somewhere along the way I accidentally wiped out the cached credentials of the Mark user profile on her client machine. Before I came along to 'fix' the machine they were able to log into the client machine using Mark's cached credentials and had it using the wireless internet router for internet access, do email in Outlook 2010, and use a network printer. I don't understand how they accomplished that without being part of the wireless domain.

Our networks are set up so a user can log onto the network from any machine on the network but the User profile settings for each computer are stored on the local client machine. For instance, on my computer using my username I log onto the domain and have a black desktop background, if I were to log onto the domain in the conference room it has a blue background. Is this a roaming profile setup?

I looked for the archived .pst Outlook file but did not find it for Mark. I will enable 'Show Hidden Files and Folders' and look again. If it makes any difference this is on a Windows 7 Pro Client machine with a domain controller running Windows Server 2008.
0
 

Author Comment

by:tcai1976
ID: 38783102
After some research it appears leaving the domain by joining a workgroup will clear cached credentials. I did not know this. I did leave the current domain and joined a workgroup as a step in attempting to 'fix' the security issues between client and domain controller.

Seems the next step is indeed joining the wired network domain and then logging in as Mark so the credentials are cached again.
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 38784214
Correct

Deleting the computer in AD and re-adding it causes the SID to change also. It is possible to force a specific SID also but like I said previously, this has no bearing on the User profile. If you had deleted the user, then that's where issues would be.

You should be fine with your anticipated move.

All the best
0
 

Author Comment

by:tcai1976
ID: 38785149
That is good to hear.

Once I've tried this tomorrow I will post the results. It'll be another restless night for me in the meantime.
0
 

Author Comment

by:tcai1976
ID: 38806674
Problem has been resolved.

Performing a wired connection login to the domain restored credentials and my boss was able to access the flood of emails.

Thanks Akinsd.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38808335
You're welcome
You would still have resolved it on your own though. Great job and thanks
0
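
The state this thread works out by trial and error (domain membership, which DNS server the adapter uses, the trust relationship, and where the Outlook data files live) can be collected read-only before changing anything on the client. This is an added example, not part of the original posts; it assumes an elevated PowerShell 2.0 or later session on the Windows 7 client.

```powershell
# Added example: read-only checks on a domain-joined Windows 7 client.
# Assumes an elevated PowerShell 2.0+ session; nothing here changes the machine.

# 1. Domain membership as the client itself reports it.
$cs = Get-WmiObject -Class Win32_ComputerSystem
"Computer: {0}  Domain: {1}  PartOfDomain: {2}" -f $cs.Name, $cs.Domain, $cs.PartOfDomain

# 2. Number of domain logons Windows is allowed to cache (0 disables caching).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$count = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).CachedLogonsCount
"CachedLogonsCount: $count"

# 3. DNS servers on each active adapter. A domain join needs a DNS server
#    that can answer for the domain, as the thread found out.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description, DHCPEnabled, DNSServerSearchOrder | Format-List

if ($cs.PartOfDomain) {
    # 4. Can the configured DNS server locate a domain controller?
    nslookup -type=SRV "_ldap._tcp.dc._msdcs.$($cs.Domain)"

    # 5. Is the machine account's secure channel (the "trust relationship") healthy?
    try {
        "Secure channel OK: {0}" -f (Test-ComputerSecureChannel)
    } catch {
        "Secure channel test failed: $($_.Exception.Message)"
    }
} else {
    "Not domain-joined (workgroup '$($cs.Domain)')."
}

# 6. Locate Outlook data files in every local profile, including hidden folders.
Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Recurse -Force `
        -Include *.pst, *.ost -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```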
