XP logon problem to a server 2003 domain.

janesssssy · 18 Jun 2008 at 15:28

I get this problem often on a dozen or so clients:

"Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found."

i take the client off the domain and delete the computer from AD and then rejion the domain and log on. This works for a couple of days then i have to start all over again. Its driving me potty, I think its to do with the SIDS but am unsure on how to fix the issue.

Any help would be appriaciated. :cool:

madman045 · 18 Jun 2008 at 15:53

Im assuming when the machine was built using a system image, it was syspreped first? if not thats the easiest way to duplicate SIDs. also im assuming the DC is listed as the primary DNS on the machine if you log on locally?

Something else to try is take the machine off the domain and delete it's account from AD, then run new sid on it and then rejoin the domain.

http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx

PS: I take no responsibility for you running this and you do it at your own risk.

J1nxy · 22 Jun 2008 at 17:46

If you are running multiple DC's make sure they are replicating as well.

brendy · 22 Jun 2008 at 18:10

Check the machines have valid gateways, dns etc also these can cause sporadic issues.

wasc · 23 Jun 2008 at 20:40

janesssssy said:
I get this problem often on a dozen or so clients:

"Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found."

i take the client off the domain and delete the computer from AD and then rejion the domain and log on. This works for a couple of days then i have to start all over again. Its driving me potty, I think its to do with the SIDS but am unsure on how to fix the issue.

Any help would be appriaciated.

Are you cloning these machines or something? This sounds like the sort of error you get when you have two or more machines on the network with the same computer name. Active directory does contain a user account for the computers to log in with, and these passwords are automatically changed regually. Therefore when one machine changes the pw, the others stop working.

if you are cloning these machines, then next time you are adding a clone, do the following;
a) UNPLUG the network cable and then remove it from the domain with the cable unplugged. This prevents the machine from removing itself from AD
b) Plug the network cable in, and add the machine to the domain with a unique name.

Uncle Gord · 28 Jun 2008 at 14:21

What troubleshooting have you done prior to removing/readding to the domain? Sounds like the netlogon service has lost it's secure channel to the domain.. Tried restarting it?

janesssssy · 6 Jul 2008 at 16:50

Reason was to somwone cloning the machines and the SIDs were duff! cant be bothered to explain it further than that

sorry.

LordSplodge · 7 Jul 2008 at 17:56

Find out who and hit them with a large Sysprep shaped object.

I was about to suggest you check DNS but I guess not as it was user error (as always!

)

.walls · 7 Jul 2008 at 19:30

To fix the boxes without rebuilding, you can use newsid from sysinternals (now owned by MS) on each box, however, this is not supported by MS.

a1ex2001 · 11 Jul 2008 at 14:09

newsid is brilliant, i've never had a problem with it, use it all the time for making copies of VMs.

.walls · 11 Jul 2008 at 23:50

a1ex2001 said:
newsid is brilliant, i've never had a problem with it, use it all the time for making copies of VMs.

Nor have I - and I have used it **** loads - however, MS don't support it, so I thought I should make the discailmer!!