Re: Connecting to DC in wrong site

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Jeff (jeffpoling_at_yahoo.com)
Date: 11/18/04 

Date: Thu, 18 Nov 2004 13:17:45 -0600

We get this kind of error on the DC system log:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5723
Date: 11/18/2004
Time: 10:28:25 AM
User: N/A
Computer: AD
Description:
The session setup from computer 'CR02-EMBT30' failed because the security
database does not contain a trust account 'CR02-EMBT30$' referenced by the
specified computer.

USER ACTION
If this is the first occurrence of this event for the specified computer and
account, this may be a transient issue that doesn't require any action at
this time. Otherwise, the following steps may be taken to resolve this
problem:

If 'CR02-EMBT30$' is a legitimate machine account for the computer
'CR02-EMBT30', then 'CR02-EMBT30' should be rejoined to the domain.

If 'CR02-EMBT30$' is a legitimate interdomain trust account, then the trust
should be recreated.

Otherwise, assuming that 'CR02-EMBT30$' is not a legitimate account, the
following action should be taken on 'CR02-EMBT30':

If 'CR02-EMBT30' is a Domain Controller, then the trust associated with
'CR02-EMBT30$' should be deleted.

If 'CR02-EMBT30' is not a Domain Controller, it should be disjoined from the
domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 8b 01 00 c0 ‹..À

"Tim Kalligonis" <tkalligonis@comcast.net> wrote in message
news:OqWGPtZzEHA.1860@TK2MSFTNGP15.phx.gbl...
> No, I haven't figured anything out yet. Let me know if you do.
>
> What types of issues do you find with the computer account?
>
>
> "Jeff" <jeffpoling@yahoo.com> wrote in message
> news:%23vg5V0YzEHA.2200@TK2MSFTNGP09.phx.gbl...
>> Tim,
>>
>> I am seeing this in our environment on occasion as well. We are running
>> 2 W2k3 DCs at our main site. 4 Remote sites have W2K DCs and 1 remote
>> site has a W2k3 DC. All the DCs are Global catalogs at the remote sites
>> and our main site.
>>
>> Once in a while a Windows XP PC at our main site will authenticate
>> against a remote site DC. Typically we'll see issues with the computer
>> account when this happens.
>>
>> Have you been able to find a resolution?
>>
>> Thanks,
>>
>> Jeff
>> "Tim Kalligonis" <tkalligonis@comcast.net> wrote in message
>> news:u9ybv7OwEHA.1396@tk2msftngp13.phx.gbl...
>>> We've been having an issue where random client machines connect to
>>> Domain
>>> Controllers outside of their site.
>>> I've only see the issue in the site I am located in, there have not been
>>> reports of this issue from other sites so I'm not sure if this occurs in
>>> those other sites or not.
>>>
>>> I've checked the obvious - make sure all subnets that are suppose to be
>>> associated to this site are defined in the site. Checked the remote
>>> sites
>>> were these clients are connecting to making sure that the subnet is not
>>> also
>>> defined somewhere else.
>>>
>>> Issue: Occasionally client will take a little longer than usual to log
>>> into
>>> their machine. If the %logonserver% is check it will show they were
>>> authenticated to a domain controller outside of their site. It is
>>> usually a
>>> domain controller is one of three remote sites. We have a total of 26
>>> sites. Then when ADUC is opened it will also connect to this remote DC.
>>>
>>> Another interest piece of information is the fact that the site I am
>>> seeing
>>> this occur in has the most DCs in it, it has four DCs for this
>>> particular
>>> domain plus the FSMO roles reside on 2 of the 4 DCs in this site.
>>>
>>> I haven't been able to find and KB articles describing this problem.
>>> Has
>>> anyone experienced this problem or know of KB articles describing this
>>> issue?
>>>
>>> Thanks,
>>> Tim
>>>
>>>
>>
>>
>
>

Relevant Pages

  • Re: Computer accounts not manageable
    ... Usualy we rejoin the computer are we run secedit on the machine to ... Below is a error that come up in the system log on a Domain controller ... security database does not contain a trust account 'computer-001408$' ... If 'computer-001408$' is a legitimate interdomain trust account, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Why would an object disappear from active directory?
    ... Replication problems or accidents are the only reasons I'd expect. ... >>> database does not contain a trust account 'NMITCHELL30$' referenced by ... >>> If 'NMITCHELL30' is not a Domain Controller, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Connecting to DC in wrong site
    ... Event Type: Error ... database does not contain a trust account 'CR02-EMBT30$' referenced by the ... If 'CR02-EMBT30$' is a legitimate interdomain trust account, ... If 'CR02-EMBT30' is not a Domain Controller, it should be disjoined from the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adding a second Domain Controller
    ... > "The session setup from computer 'MTA-SERVER02' failed because the security> database does not contain a trust account 'MTA-SERVER02$' referenced by the> specified computer. ... USER ACTION If this is the first occurrence of this> event for the specified computer and account, this may be a transient issue> that doesn't require any action at this time. ... If 'MTA-SERVER02$' is a legitimate interdomain> trust account, then the trust should be recreated. ... Otherwise, assuming that> 'MTA-SERVER02$' is not a legitimate account, the following action should be> taken on 'MTA-SERVER02': If 'MTA-SERVER02' is a Domain Controller, then the> trust associated with 'MTA-SERVER02$' should be deleted. ...
    (microsoft.public.windows.server.sbs)
  • Computer accounts not manageable
    ... Below is a error that come up in the system log on a Domain controller ... security database does not contain a trust account 'computer-001408$' ... If 'computer-001408$' is a legitimate interdomain trust account, ...
    (microsoft.public.windows.server.active_directory)