machine account password replication not working

---

• From: Brandon McCombs <bmccombs@xxxxxxxxx>
• Date: Fri, 29 Apr 2005 01:09:20 GMT

---

Hello,

I have 2 domains with 4 servers each. 2 servers are DCs and 2 servers
are designated file/print servers. All 8 servers are using windows
server 2003. For the last few weeks off and on the servers have all
been reporting file replication errors but seemingly overnight they go
away. The file/print servers were reporting that they couldn't find
their computer objcet in AD even though I looked and saw them plain as
day in the same OU they had always been in. That error showed up a
couple days before errors about not being able to bind to AD started
showing up. I found out that resetting the machine account password on
the file/print servers wasn't a good idea as now they can't connect to
AD at all, even to let a domain user authenticate to them thru Remote
Desktop although file share access is still possible (thank goodness).

It sounds like that somewhere along the line when the machine account
password is due for a reset that the member server adn the domain
controllers get out of sync. The member servers reported access denied
errors indicating that their machine password is no longer in sync with
AD and AD won't let anything happen between the DCs adn the member
servers. Can anyone tell me as to how this might happen?

We were also having replication issues even between 2 domain controllers
in the same domain (the domains involved are not in a trust
relationship) and it is working today between those 2 machines and I
didnt find out until after everyone left so I don't know if it fixed
itself or if someone ran the netdom command to reset their machine
passwords. The last time i did that it fixed replication because the
secure channel could be established again between the DCs but doing that
for the member servers today totally broke them off from the domain and
they will need to be rejoined from what I've read about the issue on MS
technet.

thanks for any input

.

---

• Follow-Ups:
  • Re: machine account password replication not working
    • From: Cary Shultz [A.D. MVP]

• Prev by Date: Re: ldap query exeeds size limit
• Next by Date: Re: Share Folder Permission on xp in a 2003 domain
• Previous by thread: demote DC + kill domain, question
• Next by thread: Re: machine account password replication not working
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: NTP vs chrony comparison (Was: oscillations in ntp clock synchronization) ... servers pogo.udel.edu and rackety.udel.edu are synchronized via GPS and ... I invite the skeptics to peek at them from time to time. ... If chrony is reporting the same measurements, ... Certainly for ntpd, ... (comp.protocols.time.ntp) Re: Hacking Attempts ? ... Im seeing this in clients servers also. ... give better reporting function, got no idea which 'door' this webmaster is ... a "webmaster" username attempt yesterday as well. ... Logon Failure: ... (microsoft.public.windows.server.sbs) Re: Wrong network usage reported by /proc ... servers that are reporting all sorts of impossible ... The values collected using tcpdump always seem realistic and match the ... I download a DVD ISO from a remote workstation: ... (Linux-Kernel) Re: BSDstats: New High Water Mark: 25 000+ Hosts Reporting In ... I have 10 FreeBSD servers and desktops in use here in Hawaii. ... the reporting is not based on your IP ... ... individual host to connect to the rver ... ... (freebsd-questions) Wrong network usage reported by /proc ... servers that are reporting all sorts of impossible ... network usage values through /proc, ... I download a DVD ISO from a remote workstation: ... (Linux-Kernel)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)