Problems with machine accounts on Domain
17 years 11 months ago #19008
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Problems with machine accounts on Domain was created by Bublitz
I have machines on a domain that aren't allowed to log on the domain.
I did restore the domain controller via system state.
It seems to be random throughout the domain. To fix it they have to unplug the cable, restart, then log in. Then put the cable back in and then they use AD resources.
I've tried
support.microsoft.com/?kbid=288167
Also
support.microsoft.com/?kbid=216393
But when I try this command
netdom reset 'machinename' /domain:'domainname'
I get a bad username or password error... Well the command doesn't specify one.
I know that probably taking all the PCs off the domain then re-adding them might work... I want to avoid that if possible.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5513
Date: 12/19/2006
Time: 2:15:36 PM
User: N/A
Computer: (domain Controller)
Description:
The computer ABC4 tried to connect to the server \\(domain Controller) using the trust relationship established by the (domain name) domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: 12/19/2006
Time: 2:08:00 PM
User: N/A
Computer: (domain Controller)
Description:
The session setup from the computer (computer name) failed to authenticate. The name of the account referenced in the security database is (Computer name). The following error occurred:
Access is denied.
Data:
0000: 22 00 00 c0 "..À
17 years 11 months ago #19009
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Problems with machine accounts on Domain
You are on the right track with the second knowledge base article. The computer accounts reset the computer passwords for the secure communication channels every 30 days. It sounds like when you did the restore it unsync'd the machine passwords.
What domain are you running, 2003 or 2000?
Are you running the command off your Domain Controller or the local machine experiencing the problem?
If you are logging into the local machine using a local username/password then you will not have an appropriate level of access to the domain to reset the secure communications. It should work from the Domain Controller though and then restart the local machine.
Removing the machine off the domain and re-adding it should work because adding the machine sets up the secure communication again, therefore they will be sync'd.
Cheers
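Added example, not part of either poster's message: a small Python triage script that reads a text export of NETLOGON events in the layout quoted in the first post and lists which workstations have a broken secure channel, so only those need a reset or rejoin. The sample export is constructed, and DC01, EXAMPLE, ABC4 and ABC7 are placeholder names; the Data bytes `22 00 00 c0` are read as a little-endian NTSTATUS, 0xC0000022 (STATUS_ACCESS_DENIED).

```python
import re

# Constructed export in the layout of the events quoted in the thread;
# DC01, EXAMPLE, ABC4 and ABC7 are placeholder names.
SAMPLE_EXPORT = r"""Event Type: Error
Event Source: NETLOGON
Event ID: 5513
Computer: DC01
Description:
The computer ABC4 tried to connect to the server \\DC01 using the trust relationship established by the EXAMPLE domain.
Event Type: Error
Event Source: NETLOGON
Event ID: 5722
Computer: DC01
Description:
The session setup from the computer ABC7 failed to authenticate. The following error occurred:
Access is denied.
Data:
0000: 22 00 00 c0
"""

# Description phrases that name the workstation, keyed by NETLOGON event ID.
NAME_PATTERNS = {
    5513: re.compile(r"The computer (\S+) tried to connect"),
    5722: re.compile(r"session setup from the computer (\S+) failed"),
}
KNOWN_STATUS = {0xC0000022: "STATUS_ACCESS_DENIED"}

def decode_status(block):
    """Read the first Data dword as a little-endian NTSTATUS, or None."""
    m = re.search(r"^0000:((?: [0-9a-fA-F]{2}){4})", block, re.M)
    return int.from_bytes(bytes.fromhex(m.group(1).strip()), "little") if m else None

def broken_channels(export_text):
    """Return {computer: {"events": [ids], "status": name-or-None}}."""
    found = {}
    for block in re.split(r"(?m)^(?=Event Type:)", export_text):
        source = re.search(r"^Event Source:\s*NETLOGON\s*$", block, re.M)
        event = re.search(r"^Event ID:\s*(\d+)", block, re.M)
        pattern = NAME_PATTERNS.get(int(event.group(1))) if source and event else None
        name = pattern.search(block) if pattern else None
        if not name:
            continue  # not a NETLOGON 5513/5722 event, or no computer name found
        entry = found.setdefault(name.group(1).upper(), {"events": [], "status": None})
        if int(event.group(1)) not in entry["events"]:
            entry["events"].append(int(event.group(1)))
        code = decode_status(block)
        if code is not None:
            entry["status"] = KNOWN_STATUS.get(code, hex(code))
    return found

if __name__ == "__main__":
    for computer, info in sorted(broken_channels(SAMPLE_EXPORT).items()):
        print(computer, info["events"], info["status"])
```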
17 years 11 months ago #19022
by Bublitz
Replied by Bublitz on topic Re: Problems with machine accounts on Domain
I'm logged in to the administrator account for the domain on the domain controller. I am still getting this error... It's driving me nuts. Removing and adding all these machines to the domain is not fun, especially since you have to copy profiles over on the local machine, since Windows makes a whole new account when you do this.
This DC has been fighting me tooth and nail. This should work, I'm logged in as domain admin...
I am also getting
Logon Failure: The target account name is incorrect.
17 years 11 months ago #19033
by Smurf
Replied by Smurf on topic Re: Problems with machine accounts on Domain
Is this a multiple domain controller environment or are we talking just a single domain controller?
17 years 11 months ago #19057
by Bublitz
Replied by Bublitz on topic Re: Problems with machine accounts on Domain
Just a single DC. This happened after a system state restore of the PDC.
17 years 11 months ago #19077
by Bublitz
Replied by Bublitz on topic Re: Problems with machine accounts on Domain
Well, I'm going to remove the machines from the domain and add them. Good thing it isn't a 1000+ machine domain... It's sad to think that I have to do this. The Microsoft web site shows a 5 step process for recovering a DC from backup...
I was able to get rid of a bad user and password error.
Now it says "The Trust between the workstation and the Domain failed."