TOPIC: Problems with machine accounts on Domain

Problems with machine accounts on Domain 9 years 11 months ago #19008

  • Bublitz
I have machines on a domain that aren't allowed to log on to the domain.

I did restore the domain controller via system state.

It seems to be random throughout the domain. To fix it, they have to unplug the cable, restart, then log in. Then put the cable back in, and then they use AD resources.

I've tried
support.microsoft.com/?kbid=288167

Also
support.microsoft.com/?kbid=216393
But when I try this command
netdom reset 'machinename' /domain:'domainname'
I get a bad username or password error... Well, the command doesn't specify one.

I know that probably taking all the PCs off the domain then re-adding them might work... I want to avoid that if possible.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5513
Date: 12/19/2006
Time: 2:15:36 PM
User: N/A
Computer: (domain Controller)
Description:
The computer ABC4 tried to connect to the server \\(domain Controller) using the trust relationship established by the (domain name) domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: 12/19/2006
Time: 2:08:00 PM
User: N/A
Computer: (domain Controller)
Description:
The session setup from the computer (computer name) failed to authenticate. The name of the account referenced in the security database is (Computer name). The following error occurred:
Access is denied.
Data:
0000: 22 00 00 c0 "..À
The Bublitz
Systems Admin
Hospice of the Red River Valley
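
The following Python is an added example, not part of the thread: it parses NETLOGON 5513/5722 records in the text form quoted in the post above and decodes the Data bytes `22 00 00 c0` into the NTSTATUS value they encode. The host names DC01 and ABC7 and the domain EXAMPLE are constructed placeholders for the names the poster redacted.

```python
import re

# NTSTATUS values (from ntstatus.h) that show up in secure-channel failures.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000018D: "STATUS_TRUSTED_RELATIONSHIP_FAILURE",
}

# Constructed sample: the two events quoted in the post, with the redacted
# names filled by placeholders (DC01, ABC7 and EXAMPLE are assumptions).
SAMPLE = """\
Event Source: NETLOGON
Event ID: 5513
Description:
The computer ABC4 tried to connect to the server \\\\DC01 using the trust relationship established by the EXAMPLE domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured.
Event Source: NETLOGON
Event ID: 5722
Description:
The session setup from the computer ABC7 failed to authenticate. The name of the account referenced in the security database is ABC7$. The following error occurred:
Access is denied.
Data:
0000: 22 00 00 c0
"""

def decode_status(dump):
    """Read the first DWORD of an event Data dump ('22 00 00 c0') as NTSTATUS."""
    return int.from_bytes(bytes.fromhex(dump.replace(" ", ""))[:4], "little")

def triage(text):
    """Map each computer named in a NETLOGON 5513/5722 record to its findings."""
    findings = {}
    for record in text.split("Event Source:"):
        m_id = re.search(r"Event ID:\s*(\d+)", record)
        m_host = re.search(r"[Tt]he computer (\S+)", record)
        if not (m_id and m_host):
            continue
        event_id = int(m_id.group(1))
        if event_id == 5513:
            note = "SID mismatch reported; re-establish the trust"
        elif event_id == 5722:
            # Data is a little-endian NTSTATUS, so 22 00 00 c0 reads 0xC0000022.
            m_data = re.search(r"0000:((?: [0-9a-fA-F]{2}){4})", record)
            code = decode_status(m_data.group(1)) if m_data else 0
            note = f"{NTSTATUS.get(code, 'unrecognised status')} (0x{code:08X})"
        else:
            continue
        findings.setdefault(m_host.group(1), []).append((event_id, note))
    return findings
```

Calling `triage(SAMPLE)` returns one entry per affected computer, which gives a list of the machines whose secure channel needs resetting.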

Re: Problems with machine accounts on Domain 9 years 11 months ago #19009

  • Smurf
You are on the right track with the second knowledge base article. The computer accounts reset the computer passwords for the secure communication channels every 30 days. It sounds like when you did the restore it unsync'd the machine passwords.

What domain are you running, 2003 or 2000?

Are you running the command off your Domain Controller or the local machine experiencing the problem?

If you are logging into the local machine using a local username/password then you will not have an appropriate level of access to the domain to reset the secure communications. It should work from the Domain Controller though and then restart the local machine.

Removing the machine from the domain and re-adding it should work because adding the machine sets up the secure communication again, therefore they will be sync'd.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Problems with machine accounts on Domain 9 years 11 months ago #19022

  • Bublitz
I'm logged in to the administrator account for the domain on the domain controller. I am still getting this error... It's driving me nuts. Removing and adding all their machines to the domain is not fun, especially since you have to copy profiles over on the local machine, since Windows makes a whole new account when you do this.

This DC has been fighting me tooth and nail. This should work, I'm logged in as domain admin...

I am also getting
Logon Failure: The target account name is incorrect.

Re: Problems with machine accounts on Domain 9 years 11 months ago #19033

  • Smurf
Is this a multiple domain controller environment, or are we talking just a single domain controller?

Re: Problems with machine accounts on Domain 9 years 11 months ago #19057

  • Bublitz
Just a single DC. This happened after a system state restore of the PDC.

Re: Problems with machine accounts on Domain 9 years 11 months ago #19077

  • Bublitz
Well, I'm going to remove the machines from the domain and add them. Good thing it isn't a 1000+ machine domain... It's sad to think that I have to do this. The Microsoft web site shows a 5 step process for recovering a DC from backup...

I was able to get rid of a bad user and password error.

Now it says "The Trust between the workstation and the Domain failed."