General discussion

Locked

Unexplainable Disconnect From A Domain

By mdcalvert ·
I have quite few Windows XP PC's that will seem to disconnect from a domain and the Local Administrators group will not show the "Domainname"\Domain Admins instead it shows a long Alpha-Numeric string. This is happening on different domains. The only way to fix this problem that I have found is to drop it down to a Workgroup and then rejoin it to the domain. Why are they being disconnected in the first place? Any ideas???

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by LiamE In reply to Unexplainable Disconnect ...

I'm guessing that string is the domains admin sam key.

As to why it is being displayed instead of the domain admins... well it cant read the AD to see what that key relates to when not part of the domain.

As to why they are dropping, well, my first guesses would be users doing it or a virus. Or are the users just screwing up logging on and going for local rather than the domain? Wouldnt be the first time!

Sorry cant think of anything better at the moment.

Collapse -

by Blackcurrant In reply to Unexplainable Disconnect ...

Hi

If the suggestion above does not help, then post any event entries you have on the XP Pro machines. This will help pinpoint the error.

Good luck

Collapse -

by BFilmFan In reply to Unexplainable Disconnect ...

The workstations are failing to successfully negotiate the RPC secure channel to the PDC. Use NETDOM to reestablish it with the command:

1. Install the Windows Support Tools from the Support\Tools folder on the Windows CD-ROM on the domain controller whose password you want to reset.

2. If you are attempting to reset the password for a Windows domain controller, it is necessary to stop the Kerberos Key Distribution Center service and set its Startup type to Manual prior to continuing with step 3.

Note: After you restart and verify that the password has been successfully reset, you can restart the Kerberos Key Distribution Center service and set its Startup type back to Automatic. Doing this forces the domain controller with the bad computer account password to contact another domain controller for a Kerberos ticket.

3. At a command prompt, type the following command:
netdom resetpwd /server:Replication_Partner_Server_Name /userd:domainname\administrator_id /passwordd:*
where Replication_Partner_Server_Name is the fully qualified DNS or NetBIOS name of a domain controller in the same domain as the local computer, and domainname\administrator_id is the NetBIOS domain name and administrator ID respectively, in the Security Accounts Manager (SAM) account name credentials format.

The "*" value to the /Password parameter specifies that the password should be typed using hidden characters when the command is submitted. For example, the local computer (which happens to be a domain controller) is Server1 and the peer Windows domain controller name is Server2. If you run Netdom on Server1 with the following parameters, the password is changed locally and is simultaneously written on Server2, and replication propagates the change to other domain controllers:
netdom resetpwd /server:server2 /userd:mydomain\administrator /passwordd:*

4. Restart the system whose password was changed (in this example, Server1).

Back to Windows Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums