Re: Windows cannot connect to the domain & Event ID 3210 5722 - Lots of Details!



I have got some info but not all yet, but my details previously provided are
incorrect. I am waiting on some additional details, when I get them I will
post them.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"JayDee" <dopamine@xxxxxxxx> wrote in message
news:e04977a1-7221-4bbd-970f-854ada470187@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Dec 12, 11:19 am, "Paul Bergson [MVP-DS]"
<pbergson@xxxxxxxxxxxxxxxxx> wrote:
The way I understand it, it isn't the number of days off but if the machine is turned on when the change takes place. So if you turn it off on day 28 and it is off for 3 days then it was off over the 30 day change.

I will run this by some other folks and get back to you in the next day or so. I will have to wait for an answer.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"JayDee" <dopam...@xxxxxxxx> wrote in message

news:1c9acc4a-733f-43a1-9d83-2fd9190b0d06@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



On Dec 12, 6:04 am, "Paul Bergson [MVP-DS]"
<pbergson@xxxxxxxxxxxxxxxxx> wrote:
When a machine joins the domain (Domain Controllers are included in this) it is assigned a password. When you reboot it, when the machine is starting back up it is required to log onto the domain, just like a user account. By default the password is changed every 30 days, if your machine has been turned off over the change the machine is unable to log back on until you either remove and add the machine from the domain -or- using nltest or netdom to reset the machine account.

http://support.microsoft.com/kb/216393/en-us

http://support.microsoft.com/default.aspx?scid=kb;en-us;154501

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"JayDee" <dopam...@xxxxxxxx> wrote in message

news:689dae55-eadd-4cf2-b449-004be24fb81b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

There have been numerous posts regarding this over the past year, but virtually all of them offer the suggestion of removing the computer from the domain, adding it to a workgroup, then without rebooting adding it back to the domain. My concern, however, is that we're starting to see this on a number of computers and I need to understand why.

The problem is as follows:

We have some Windows XP devices that were removed from the network for a week or two then powered back on. They now receive the following error when powered back up and as a result, my only choice is to log on with the administrator ID:

"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found."

1) Once logged on, the System Event Log on the XP workstation had the following message:

Event ID: 3210
"This computer could not authenticate with \\dc.domain.com, a Windows domain controller for domain DOMAIN, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator."

2) The domain controller which attempted to authenticate the computer had this error:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: The session setup from the computer ComputerName failed
to authenticate. The name of the account referenced in the security
database is AccountName$.
The following error occurred:
Access is denied.

3) I discovered that the computer is still registering with WINS (yes, we still have it around) but NOT registering with Dynamic DNS for the active directory domain it is a part of. I tried rebooting and also doing an "IPCONFIG /registerdns" to no avail. I also confirmed correct DNS addresses and there is only one network card in the computer. I also confirmed that the workstation can, in fact, PING all DCs in its site including the one in #2 above.

I tried adding a record for this computer into DNS manually just to
see what would happen - no change.

So again, I know it will probably work to add it to a workgroup and then back to the domain, but I need to understand why this is happening.

Here are some of the things I ruled out:

* I have confirmed that the computer has been off-line for less than the number of days in the "HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage" key.

* The computer has not been rebuilt using the same name without first deleting the old name in the domain

* The computer name does not exist in any other DNS domains

I'm at a loss, please help!!

Thank you very much!!

- JayDee

Paul, thanks - but I covered that in my original email - excerpt
below. Any other ideas?

* I have confirmed that the computer has been off-line for less than the number of days in the "HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage" key.

- JayDee

That would mean that a large company that is environmentally conscious and makes all the employees turn their computers off over the weekend would have many, many problems every Monday morning. That doesn't sound right.

Thanks for looking into this and any other reason why this issue may be occurring in our environment. It seems affected machines have been recently moved to a different subnet (which should not matter) and they all share a common OU (which has not recently been restored - and not all the computers in the OU are affected). And just as a reminder, the affected computers do not have an entry in DNS but that entry is properly added back when the machine is removed and re-added to the domain.

- JayDee
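
An added example, not part of the original thread: when several machines start logging the NETLOGON 5722 error quoted above, grouping the domain controller's events by machine account shows which accounts fail, how often, and against which DCs. The host names, the text-export layout and the name-mismatch flag (a triage heuristic) are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample export (made-up host names) using the 5722 wording quoted above.
SAMPLE = """\
Event ID: 5722
Computer: DC01
Description: The session setup from the computer WKS-014 failed
to authenticate. The name of the account referenced in the security
database is WKS-014$.

Event ID: 5722
Computer: DC02
Description: The session setup from the computer WKS-014 failed to authenticate. The name of the account referenced in the security database is WKS-014$.

Event ID: 5722
Computer: DC01
Description: The session setup from the computer LAB-PC failed to authenticate. The name of the account referenced in the security database is WKS-022$.

Event ID: 5719
Computer: DC01
Description: unrelated record, skipped by the parser.
"""

DESC_RE = re.compile(
    r"session setup from the computer (\S+) failed to authenticate\. "
    r"The name of the account referenced in the security database is (\S+?\$)")

def parse_5722(export):
    """Return one dict per Event ID 5722 record in a blank-line separated export."""
    events = []
    for record in re.split(r"\n\s*\n", export.strip()):
        fields = dict(re.findall(r"^(Event ID|Computer):\s*(\S+)", record, re.M))
        m = DESC_RE.search(" ".join(record.split()))  # undo line wrapping first
        if fields.get("Event ID") == "5722" and m:
            events.append({"dc": fields.get("Computer", "?"),
                           "client": m.group(1), "account": m.group(2)})
    return events

def summarise(events):
    """Group failures by machine account; flag client names that differ from the account."""
    out = defaultdict(lambda: {"count": 0, "dcs": set(), "clients": set()})
    for e in events:
        s = out[e["account"]]
        s["count"] += 1
        s["dcs"].add(e["dc"])
        s["clients"].add(e["client"])
    for account, s in out.items():
        s["name_mismatch"] = s["clients"] != {account[:-1]}  # account minus "$"
    return dict(out)
```

Calling `summarise(parse_5722(SAMPLE))` returns one entry per failing machine account, which can then be compared against the subnet or OU the affected machines share.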
