Machines Lose Domain Membership

We just completed a network migration; all servers are Win 2k3 and clients are XP Pro SP2. We have experienced some machines losing their domain membership periodically for no reason. A good number of these machines are hubs. We suspect that there are communication issues and/or issues with these machine accounts and passwords. There is nothing in the logs that gives a clue as to what is happening. Anyone seen this before? Suggestions?


by HAL 9000 Moderator In reply to Machines Lose Domain Memb ...

I would be looking at the servers for the problem. Depending on what is installed on these, it sounds as if you are experiencing synchronization problems that are allowing some units to drop off the network.

You'll have to look in the permissions of the server(s) and reset these to what is required.

A little more info may have generated a more informed answer but that is the best that I can come up with without knowing more as I do not know what to tell you to change.



by CG IT In reply to Machines Lose Domain Memb ...

Not sure what losing domain membership actually means. When a computer joins a domain, the local machine is now part of the domain and not a workgroup. Depending upon what authentication protocol is used for the domain [like Kerberos], the local machine has a SID [computer account] it uses to identify itself to the domain during authentication. The computer account is not the same as a user account.


by CG IT In reply to

If you're having problems with users being able to log on or communicate with the DC, look first at hardware to rule out faulty cables, NICs, RJ45 sockets, and the like. Then look at the authentication methods.


by CG IT In reply to

If the machine accounts are actually removed from Active Directory, I would suspect an intrusion.


by BFilmFan In reply to Machines Lose Domain Memb ...

When you say that the machines are "hubs", did you mean they are intelligent switches?

Or did you mean they are computers acting as routers?

One of the things to check on your network is that ports 135-138 are not locked down. If they are, the RPC secure channel will fail and the systems will "drop" off the domain, but will remain visible in AD. When the tombstone period is reached (60 days, unless you have changed it), the object will be removed from Active Directory.

More information is needed to assist you with this issue, but I suspect that it is the RPC secure channel one that has been endlessly discussed in this forum.


by BFilmFan In reply to

Based on your commentary, I have a better understanding of the issue you are seeing. Pull the DCDIAG tool off the Windows CD or download it from Microsoft (it's free) and then run the following command line:

dcdiag /v /e /f:dcdiagLOG.txt /ferr:dcdiagERROR.txt

Search to see what errors are being reported by the domain controller. This will give us a better idea of what is happening.
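Added example (not from any poster in this thread): a PowerShell script that runs the defender-side checks the two posts above describe from the workstation's point of view, namely whether the RPC ports to the DC are reachable and whether the machine's secure channel is intact, plus a scan of the System log for NETLOGON/Kerberos errors. The domain and DC names are placeholders. It assumes PowerShell 2.0 or later (nltest comes from the Windows Support Tools on XP/2003 and is built into later Windows); the dcdiag command itself is run on the DC, as BFilmFan says.

```powershell
# Added example, not code from the thread. Placeholder values: replace with your own.
param(
    [string]$Domain = 'example.local',                 # placeholder domain name
    [string]$DomainController = 'dc1.example.local'    # placeholder DC host name
)

# 1. Probe the TCP ports a workstation needs to reach on a DC for RPC/SMB.
#    (UDP 137/138 NetBIOS cannot be probed with a TCP connect; check firewall policy.)
$ports = 135, 139, 445
foreach ($p in $ports) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($DomainController, $p, $null, $null)
        $done  = $async.AsyncWaitHandle.WaitOne(2000)   # 2-second timeout
        if ($done -and $client.Connected) {
            "TCP $p to $DomainController : open"
        } else {
            "TCP $p to $DomainController : blocked, filtered or timed out"
        }
    } catch {
        "TCP $p to $DomainController : error $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

# 2. Secure channel status as seen by NETLOGON (works on XP/2003 with Support Tools).
nltest /sc_query:$Domain

# 3. On PowerShell 2.0+, Test-ComputerSecureChannel returns $true only when the
#    machine account password still matches what the DC holds.
if (Get-Command Test-ComputerSecureChannel -ErrorAction SilentlyContinue) {
    $intact = Test-ComputerSecureChannel
    "Secure channel intact: $intact"
    # If $intact is $false, the channel can be reset without the workgroup/re-join
    # dance (run as local admin, supply domain credentials when prompted):
    #   Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
}

# 4. Non-informational events from the sources that record trust failures.
$sources = @('NETLOGON', 'Kerberos', 'LsaSrv')
Get-EventLog -LogName System -Newest 500 |
    Where-Object { ($sources -contains $_.Source) -and ($_.EntryType -ne 'Information') } |
    Select-Object TimeGenerated, Source, EventID, Message |
    Format-Table -AutoSize -Wrap
```

Run it on one of the affected workstations right after it "drops"; a blocked port 135 or a failing secure channel query points at the RPC secure channel problem the post describes, while a clean result with a broken channel only after reboot points more at the NIC/switch side raised later in the thread.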


by rAGING mONK In reply to Machines Lose Domain Memb ...

Sorry, the machines are not hubs themselves, but some are ON hubs. In other words, the offices where some of the machines reside did not have enough drops to get back to our switches. Therefore, we used some dumb hubs to connect machines and printers in some locations. Not all of our problems are with these machines, but it seems to happen more frequently to machines on hubs. We are not blocking any ports specifically. We do have Windows Firewall enabled on most machines, but there are a few that have lost their domain memberships that do not have the firewall on. Some of the machine accounts are still in AD after they lose their memberships, some are not. The problem is very inconsistent and happens every day to random machines. A few machines have lost their membership multiple times, only a day or two apart.


Check TOE

by shaun.hill In reply to

Not sure if this applies to you, but I've seen this problem before. Firstly though, do the machines go back onto the domain after a reboot?

If this is the case, check that TOE is turned off on the NIC. Some switches don't support it, and I've seen servers drop off the domain but, after a reboot, work for a couple of days before having to reboot again.

Computer dropping off the domain.

by H@rd2Tell In reply to Machines Lose Domain Memb ...

I have this issue that occurs in one room. This room is also in another building. The other rooms don't have this problem. However, the problem room does not have problems with all the PCs. I think 1/3 of them have this problem. I recently remoted into the one PC, patched it and rebooted it, and then I could no longer remote into it. I could, however, log into the domain from the box locally and could RDP out from that PC to PCs, servers, etc. in other rooms and buildings. I decided to delete the computer object from Active Directory and then create a new computer object, go to the PC, put it in a workgroup, restart it and then join it to the domain again. This worked fine; I had access from the machine and it could be remoted into. However, once the PC was rebooted by the remote user, it could not be remoted into. I should add that the records in DNS are fine and I don't see any duplicate objects anywhere nor any conflicting IP addresses. These workstations use static IP addresses.
