Problem with computer account
- From: "Wibble" <Wibble@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 1 Jan 2006 10:01:49 -0000
Hi,
OK, I'm fairly new to Active Directory, but I have a problem where I cannot
log on to the network from my laptop. It appears that the computer account
for the laptop may be corrupt or something. I'll provide as much detail as
I can in the hope someone can help me fix it:
It started off with building a new DC to replace my old one. I built the
machine, installed Windows 2003 Enterprise server etc. Made it into a
Domain Controller for the domain, demoted the old DC and turned it off, and
everything seemed to be fine.
My network now essentially consists of my DC, one desktop and one laptop.
Connected to the DC from my laptop via Terminal Sevices, and installed
SQLServer 2005 and IIS. Disconnected, and then went to connect via TS
again, and couldn't.
Any attempt to log on to the network on wither the Desktop or laptop failed.
Did a bit of digging on google, and found an article that suggested
resetting the compter account in AD. Did this for both the laptop and
desktop accounts, and now my desktop logs on fine, but the laptop is not
having any of it.
In the event log on the laptop I get:
Userenv Event ID: 1053
Windows cannot determine the user or computer name. (Access is
denied. ). Group Policy processing aborted.
Followed by
AutoEnrollment Event ID: 15
Automatic certificate enrollment for local system failed to contact the
active directory (0x8007052b). Unable to update the password. The value
provided as the current password is incorrect.
Enrollment will not be performed.
Even wierder, if I disable the computer account in AD, then log in with the
cached credentials on my laptop, then re-enable the account in AD, I can
access and see the DC shares etc without a problem.
I have tried resetting the computer account on the DC several times, but to
no avail. Trying to log in with the account enabled gives the error that it
couldn not contact the domain controller.
One possibility that has been suggested is to leave the domain and then
re-join it, but will this destroy my current profile for my domain user
account on the laptop?
One other footnote, if I have the windows firewall turned on on the DC, then
it takes ages for the authentication to fail (about 20-30 seconds). If I
disable the firewall it failes almost instantly. Presumably a DC should
automatically configure Windows Firewall t o ope the necessary ports for
RPC etc?
Thanks in advance for any help,
Bill.
P.S. Happy New Year!
.
- Follow-Ups:
- Re: Problem with computer account
- From: Kevin D. Goodknecht Sr. [MVP]
- Re: Problem with computer account
- From: Paul Bergson
- Re: Problem with computer account
- Prev by Date: Re: upgrade a Windows 2003 DC to R2
- Next by Date: Re: SQL and AD
- Previous by thread: Re: upgrade a Windows 2003 DC to R2
- Next by thread: Re: Problem with computer account
- Index(es):
Relevant Pages
|
