Re: workstation account AD login

From: "Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname@xxxxxxxxxxx>
Date: Mon, 16 Mar 2009 22:05:20 -0400

"Tester" <calinguga@xxxxxxxxxxxx> wrote in message news:60ad9cdd-d72b-46e3-8633-ad7df7129503@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Server ipconfig /all
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : servername
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
domain1.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : MACaddress
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : DNS_IP1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : Gateway
DNS Servers . . . . . . . . . . . : DNS_IP1
DNS_IP2
Primary WINS Server . . . . . . . : DNS_IP1
Secondary WINS Server . . . . . . : DNS_IP2

C:\>

Workstation ipconfig /all
C:\>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : workstationname
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
domain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.com
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit Cont
roller
Physical Address. . . . . . . . . : MAC address
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : DHCP_IP
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : Gateway-same-as-on-the-
server
DHCP Server . . . . . . . . . . . : DNS_IP1
DNS Servers . . . . . . . . . . . : DNS_IP1
DNS_IP2
Primary WINS Server . . . . . . . : DNS_IP1
Secondary WINS Server . . . . . . : DNS_IP2
Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2009
8:54:59 AM
Lease Expires . . . . . . . . . . : Sunday, March 15, 2009
8:54:59 AM

C:\>

Under DNS suffix search list on the workstation I only have domain.com
listed twice instead of domain.com and domain1.com[I use 2 domains
domain.com is for AD domain1.com is another internal Unix domain with
some Unix hosts]

Workstation system log errors:
event id 5721 netlogon error, categ none
The session setup to the Windows NT or Windows 2000 Domain Controller \
\server.domain.com for the domain domain failed because the Domain
Controller does not have an account for the computer Laptop.

source lsasrv, categ spnego event ID 40961 type warning
The Security System could not establish a secured connection with the
server cifs/server.domain.com. No authentication protocol was
available.

source lsasrv categ spnego event id 40960 type warning
The Security System detected an attempted downgrade attack for server
cifs/server.domain.com. The failure code from authentication protocol
Kerberos was "The referenced account is currently disabled and may not
be logged on to.
(0xc0000072)".

Workstation name was listed in the AD and also had a DNS record, I
checked on the server although the error message above indicates
otherwise.

Thank you,
T

I had to take a few moments to figure out what you posted trying to munge the IP addreses. Keep in mind, I respect keeping things private, on the other hand, if you are using private IPs internally, there really isn't any worry since they are not routable.

When was the last time the laptop was physically on the network? Was it recent or is the laptop user primarily a remote user? I've seen this with remote users that pop into the office every couple of months and have trouble logging in due to the machine account kerb ticket not being refreshed.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

.

References:
- workstation account AD login
  - From: Tester
- Re: workstation account AD login
  - From: Lanwench [MVP - Exchange]
- Re: workstation account AD login
  - From: Tester

Prev by Date: Re: DNS Stops resolving intermittently
Next by Date: Re: varius DNS issues
Previous by thread: Re: workstation account AD login
Next by thread: 2 domains same server name
Index(es):
- Date
- Thread

Relevant Pages

RE: Adding an R2 Server as a 2nd DC, wont allow....
... Windows 2003 Standard servers each running as a DC and DNS server. ... Ethernet adapter Local Area Connection: ...
(microsoft.public.windows.server.setup)
Re: The target principal name is incorrect?
... Windows IP Configuration ... Ethernet adapter Local Area Connection: ... Connection-specific DNS Suffix. ... ADC SERVER ...
(microsoft.public.windows.server.active_directory)
Re: "server is not accessible"
... Do you install the Windows server 2003 sp2 on the SBS or backup server? ... |> Ethernet adapter Server Local Area Connection: ...
(microsoft.public.windows.server.sbs)
Re: DNS problem local network with wireless router
... I am using the AD server as the local DNS Server and added my DSL Router ... Wireless router has DHCP and provides addresses to wireless clients and up ... Windows 2000 IP Configuration ... Ethernet adapter Local Area Connection 3: ...
(microsoft.public.win2000.dns)
Re: workstation DNS resolution problem with DHCP reservations
... Windows IP Configuration ... Connection-specific DNS Suffix. ... reservation clients, as well as the DNS server list. ...
(microsoft.public.win2000.dns)