Active Directory / Domain issue

ehenry

Commander
Joined
Jan 6, 2002
Messages
2,393
We use active directory and have a registered domain name. For the most part we have no issues. However, I have a couple pc's on network that have to be rejoined to the domain whenever they have to be restarted for an update or software install. No user can signon to the domain from these machines until they are rejoined. The machine account is not disabled nor is the user account locked out. I can sign on the the machine itself with the domain admin signon and rejoin the domian and the problem is fixed until they have to be restarted.

Any of you admins out there experience this?
 

i386

Captain
Joined
Aug 24, 2004
Messages
3,548
Re: Active Directory / Domain issue

I can sign on the the machine itself with the domain admin signon and rejoin the domian and the problem is fixed until they have to be restarted.

Any of you admins out there experience this?

Did you mean to say you can sign on with the LOCAL admin account?

What's the error when you can't logon?

Anything in the workstation or domain controller event viewer?

DNS configured correctly on the workstation?
 

ehenry

Commander
Joined
Jan 6, 2002
Messages
2,393
Re: Active Directory / Domain issue

These machines are cookie cutter machines. By that I mean that we have a standard image that is loaded on to every machine we put out. Once the machine is joined to the domain, the domain admin becomes the local admin of the machine through the domain policy. I see nothing in the event viewer and DNS server addresses are obtained automatically.
 

lowkee

Lieutenant Commander
Joined
Dec 13, 2008
Messages
1,890
Re: Active Directory / Domain issue

Machine name is used elsewhere? Reboot is failing and the registry is getting reset to the last good one (last boot prior to being added)?

Were these the last two machines added to the domain, or were there others since then? Maybe a license limit reached? .. although I would think it would tell you.

Granted, I am a LAMP guy, so all of this is guessing. I use FreeBSD for servers ;)
 

i386

Captain
Joined
Aug 24, 2004
Messages
3,548
Re: Active Directory / Domain issue

I've had stations that needed rejoining from time to time, but no repeat offenders that I can think of. Just some things that come to mind...

Can you ping the workstation and access its \\hostname\c$ when it won't logon?

Does your disk cloning solution provide a means to change the SID?

Does resetting the computer's account in Active Directory Users & Computers help?

How about moving the computer to a different OU?
How about moving the computer to a different OU and then moving it back?

Once you do get the computer logged on is getting the GPO's it's supposed to? (gpresult or GPMC query)

Might find some troubleshooting info here even though the problem doesn't exactly match yours:

http://www.symantec.com/connect/forums/cant-login-pc-using-domain-account-after-imaging
 

Scooch_2

Petty Officer 2nd Class
Joined
Aug 5, 2002
Messages
145
Re: Active Directory / Domain issue

My company had an issue with a buggy version of Macfee antivirus and the Macfee host intrusion protection. It would corrupt the security token and would eventually lead to no network connectivity.

If the version of Antivirus isn't the issue. I would make sure you are using the latest network drivers on your DC's as well as these problem PC's. I would also swap our their patch cords at the PC and switch end just in case you have a bad cord somewhere (has happened to me occasionally).
 

lowkee

Lieutenant Commander
Joined
Dec 13, 2008
Messages
1,890
Re: Active Directory / Domain issue

I'm curious, what was the solution to this issue? Not a MS person, so it'll be nice to know in case I'm ever forced to deal with MS crap.
 
Top