Access denied to domain after joining the domain, HELP!

From: Donald P Crawford (crawford_at_ksu.edu)
Date: 06/10/03


Date: Tue, 10 Jun 2003 07:22:43 -0700


Greetings,

We recently started having some problems with accessing
domain resources after adding a computer to the domain.
When the computer is NOT in the domain, the user can log on
and access resources with no problem. Immediately
after adding the computer to the domain, we see the
following two errors in the system logs:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5789
Date: 6/9/2003
Time: 1:38:12 PM
User: N/A
Computer: RCP0006
Description:
Attempt to update DNS Host Name of the computer object in
Active Directory failed. The updated value
was 'rcp0006.dept.schoolname.edu'. The following
error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5788
Date: 6/9/2003
Time: 1:38:12 PM
User: N/A
Computer: RCP0006
Description:
Attempt to update HOST Service Principal Names (SPNs) of
the computer object in Active Directory failed. The
updated values were '<UNAVAILABLE>' and
'<UNAVAILABLE>'. The following error occurred:
The security context could not be established due to a
failure in the requested quality of service (e.g. mutual
authentication or delegation).

The computer welcomes us to the domain and looking at the
Active Directory on the server we see the computer has
been added. Nothing suspicious appears in the server
logs.

After rebooting the computer, we log on to the domain with
no errors. We then try to access the server and we
receive the following error:

\\servername is not accessible.
There are currently no logon servers available to service
the logon request.

Looking at the local system log we see the following;
both of these are slightly different than the ones above:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5789
Date: 6/9/2003
Time: 1:44:26 PM
User: N/A
Computer: RCP0006
Description:
Attempt to update DNS Host Name of the computer object in
Active Directory failed. The updated value
was 'rcp0006.dept.schoolname.edu'. The following
error occurred:
Could not find the domain controller for this domain.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5788
Date: 6/9/2003
Time: 1:44:26 PM
User: N/A
Computer: RCP0006
Description:
Attempt to update HOST Service Principal Names (SPNs) of
the computer object in Active Directory failed. The
updated values were '<UNAVAILABLE>' and
'<UNAVAILABLE>'. The following error occurred:
Could not find the domain controller for this domain.

In the application log we see:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 6/9/2003
Time: 1:44:30 PM
User: NT AUTHORITY\SYSTEM
Computer: RCP0006
Description:
Windows cannot determine the user or computer name.
Return value (1908).

Again, nothing appears suspicious in the server logs.

We have verified the problem on several PCs so far. We
were in the process of preparing a school lab and had
reformatted several machines.

We imported the domain server's LMHOSTS file, and
an 'nbtstat -c' reflects the server and domain info
correctly.

Two recent changes were made to the server around the
same time we started having these problems. Installed
Q811114 security update at the end of May, and we also
granted the "Create Computer Objects" and "Delete Computer
Objects" Access Control Entries (ACEs) to Authenticated
Users as per KB251335. We have uninstalled that security
patch and the problem persists. We also removed
permission for Authenticated Users that we had granted.
Still no change in the problem.

Computers that have been in the domain prior to us seeing
these problems, haven't experienced errors yet. However,
we have another server in the domain that has started
getting the same error:

\\servername is not accessible.
There are currently no logon servers available to service
the logon request.

When we restart IPSEC service on that server, the problem
goes away.

Restarting IPSEC on the workstations does not cause the
problem to go away.

Folks, we are in a pinch and we have been fighting this
problem for about two weeks... Any help or tips would be
greatly appreciated!


