Windows cannot connect to the domain & Event ID 3210 5722 - Lots of Details!



There have been numerous posts regarding this over the past year, but
virtually all of them offer the suggestion of removing the computer
from the domain, adding it to a workgroup, then without rebooting
adding it back to the domain. My concern, however, is that we're
starting to see this on a number of computers and I need to understand
why.

The problem is as follows:

We have some Windows XP devices that were removed from the network for
a week or two then powered back on. They now receive the following
error when powered back up and as a result, my only choice is to log
on with the administrator ID:

"Windows cannot connect to the domain, either because the domain
controller is down or otherwise unavailable, or because your computer
account was not found."

1) Once logged on, the System Event Log on the XP workstation had the
following message:

Event ID: 3210
"This computer could not authenticate with \\dc.domain.com, a Windows
domain controller for domain DOMAIN, and therefore this computer might
deny logon requests. This inability to authenticate might be caused by
another computer on the same network using the same name or the
password for this computer account is not recognized. If this message
appears again, contact your system administrator."

2) The domain controller which attempted to authenticate the computer had
this error:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: The session setup from the computer ComputerName failed
to authenticate. The name of the account referenced in the security
database is AccountName$.
The following error occurred:
Access is denied.

3) I discovered that the computer is still registering with WINS (yes,
we still have it around) but NOT registering with Dynamic DNS for the
active directory domain it is a part of. I tried rebooting and also
doing an "IPCONFIG /registerdns" to no avail. I also confirmed correct
DNS addresses and there is only one network card in the computer. I
also confirmed that the workstation can, in fact, PING all DCs in
its site including the one in #2 above.

I tried adding a record for this computer into DNS manually just to
see what would happen - no change.

So again, I know it will probably work to add it to a workgroup and
then back to the domain, but I need to understand why this is happening.

Here are some of the things I ruled out:

* I have confirmed that the computer has been off-line for less than
the number of days in the
"HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage"
key.

* The computer has not been rebuilt using the same name without first
deleting the old name in the domain

* The computer name does not exist in any other DNS domains

I'm at a loss, please help!!

Thank you very much!!

- JayDee
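
Added example, not part of the original post: a small Python parser for domain controller System log records in the text layout quoted in item 2, used to see how many machine accounts are failing with NETLOGON 5722 and which DCs rejected them. The sample records, host names and DC names are constructed placeholders, and the blank-line-separated export layout is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample records in the layout quoted in the post.
# DC01/DC02 and WKS-014/WKS-027 are made-up placeholder names.
_TPL = ("Event Type: Error\nEvent Source: NETLOGON\nEvent ID: 5722\n"
        "Computer: {dc}\n"
        "Description: The session setup from the computer {host} failed\n"
        "to authenticate. The name of the account referenced in the security\n"
        "database is {host}$.\nThe following error occurred:\nAccess is denied.\n")
SAMPLE = "\n".join([
    _TPL.format(dc="DC01", host="WKS-014"),
    "Event Type: Information\nEvent Source: ExampleSource\nEvent ID: 1\n"
    "Computer: DC01\nDescription: (unrelated constructed record)\n",
    _TPL.format(dc="DC02", host="WKS-014"),
    _TPL.format(dc="DC01", host="WKS-027"),
])

FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|Date|Time"
                   r"|User|Computer|Description):\s*(.*)$")
ACCOUNT = re.compile(r"security database is (\S+\$)")

def parse_records(text):
    """Yield one dict per blank-line-separated record, joining wrapped Description lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, last = {}, None
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                rec[last] = m.group(2).strip()
            elif last == "Description":
                rec[last] += " " + line.strip()  # continuation of a wrapped description
        yield rec

def failed_secure_channels(text):
    """Map machine account -> sorted list of DCs that logged NETLOGON 5722 for it."""
    hits = defaultdict(set)
    for rec in parse_records(text):
        if rec.get("Event Source") == "NETLOGON" and rec.get("Event ID") == "5722":
            m = ACCOUNT.search(rec.get("Description", ""))
            if m:
                hits[m.group(1)].add(rec.get("Computer", "?"))
    return {acct: sorted(dcs) for acct, dcs in hits.items()}

if __name__ == "__main__":
    for acct, dcs in sorted(failed_secure_channels(SAMPLE).items()):
        print(f"{acct}: rejected by {', '.join(dcs)}")
```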