
Domain Controllers

Q: Domain Controllers

We have a primary and secondary domain controller on our network. We use a Windows 2000 Exchange server as our primary controller and another server as our secondary controller. To start, the active directories are not the same, as they should be between the two servers. How do I fix that?

The other problem I am starting to have is that the Windows XP client machines can't find the domain after being rebooted. I end up having to rejoin the domain in order to get the client machines to log on. If the client logs off, without rebooting, logging back onto the domain is no problem. I think this has something to do with the clients trying to log onto the secondary controller for some reason, and since the active directories aren't sync'd, it's only causing more problems... Can anyone shed some light on the subject? Thanks.


A: Domain Controllers

Hey DVation, sounds like you need to force replication for Active Directory between your Primary and Secondary domain controllers. Only members of Domain Admins or Enterprise Admins groups can perform this function unless you have been delegated the appropriate permissions.
Refer to the following link for details:
http://www.microsoft.com/technet/tr...2003/proddocs/entserver/dssite_force_repl.asp
***********
As far as your XP machines go, make sure that your DNS suffix for each PC is correct and that your IP, DNS, and Gateway addresses are correct. Windows 2000/XP use DNS for name resolution in an Active Directory environment. Also, is Active Directory running in Mixed Mode or Native Mode?

Read other 3 answers
RELEVANCY SCORE 62

I have quite a number of DCs and the configuration of port mirroring is something that we just can't take on.

I understand there is going to be a release of ATA where the port mirroring is not a requirement and an agent will take that role on the DC.

Anyone heard of this?

Read other answers
RELEVANCY SCORE 62

Hi, just installed the latest version of Windows 2003 for Small Business (SP1).

I have installed this OS on a new Fujitsu PRIMERGY TX150 S4.

Now I just want to use this server as a server on a workgroup. But the OS insists that it should be the Domain Controller. And then it just shuts itself down. Below is a log from the event viewer. Is there a way around this or will I have to bow down to the might of Microsoft? Just don't really want to configure the entire LAN from workgroup to domain.
Event ID 1014
Source SBCore

This computer must be configured as a domain controller. It will be shut down in 30 minutes. To prevent this computer from shutting down, run Setup on the disk that you used to install the operating system to configure the computer as a domain controller.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

A:Domain Controllers - Can anyone help please

Read other 8 answers
RELEVANCY SCORE 61.2

I have only got 2 domain controllers on my network. The primary server deals with all my DNS, file sharing etc.; server2 is our proxy server but also doubles up as a backup domain controller.
The problem is server2 cannot update Active Directory from server1.
I get the following message when trying to connect to server1 from server2:
"The domain controller server1 was not validated because. The RPC server is unavailable"
I am also getting plenty of error events on both servers. The error I am getting on server1 is event 1645:
"The Directory Service received a failure while trying to perform an authenticated RPC call to another Domain Controller. The failure is that the desired Service Principal Name (SPN) is not registered on the target server. The server being contacted is daa52d87-1d82-44f1-b032-a6930524e669._msdcs.isenterprisesintl.co.uk. The SPN being used is E3514235-4B06-11D1-AB04-00C04FC2DCD2/daa52d87-1d82-44f1-b032-a693[email protected]
Please verify that the names of the target server and domain are correct. Please also verify that the SPN is registered on the computer account object for the target server on the KDC servicing the request. If the target server has been recently promoted, it will be necessary for knowledge of this computer's identity to replicate to the KDC before this computer can be authenticated. "
I have looked this up on ms.com and found an article explaining a hotfix will fix this. All updates are installed, so it obvious... Read more

A:Domain controllers cant replicate

Just been running a few more checks and have seen a discrepancy between the 2 servers:
server1
Schema server = server1
Domain server = server1
PDC server = server1
RID server = server1
Infrastructure server = server1
server2
Schema server = server1
Domain server = server1
PDC server = server1
RID server = server1
Infrastructure server = server2 ---- ????

I have tried to change this setting on server2 in Active Directory operations masters, but it says
"The current domain controller is the operations master. To transfer the operations master role to another computer, you must first connect to it"
But it won't let me connect to the other DC because it can't find the RPC server!!! argghh
Is there another way to alter these settings?? Anyone??
 

Read other 1 answers
RELEVANCY SCORE 61.2

Unless I am missing something we can't "detect" a new domain controller added to an environment as this is a "regular" task. Not sure if an admin logging on to a new server would trigger in an environment that has been running more than 30 days.

But
Adding Domain Controllers to sensitive groups
Listing Domain Controllers not monitored by ATA
List newly created/removed domain controllers

Would be a great feature for future versions

Read other answers
RELEVANCY SCORE 61.2

Hello,

I just swapped out domain controllers and am now having synchronizing issues. It is still looking for the old server that I just replaced and I can't make it look for the new one. Does anyone have any suggestions?

Thanks!!

Read other answers
RELEVANCY SCORE 61.2

I configured a domain controller on my VirtualBox and I want to connect another DC to it. The guest machine is Windows 8. The network adapter I used is NAT. First DC IP: 192.168.5.2, Gateway: 192.168.5.1, Subnet mask: 255.255.255.0 and DNS as the gateway IP. For the second domain controller, server IP: 192.168.5.3, gateway: 192.168.5.1 and DNS as the IP of the first DC, 192.168.5.2. I don't know why they are not communicating with each other. The moment I run dcpromo on the second DC it comes up with an error message to check my DNS and the domain name. It comes with this error too: 0x000005B4_TIMEOUT. Can anyone help?
 

Read other answers
RELEVANCY SCORE 61.2

Greets,

I have an older 2000 server which is a domain controller. I cannot for the life of me figure out how to demote the machine so I can rejoin it to a new domain. I do not need two domain controllers in this network.
Any ideas on how to? I already tried start>run>dcpromo


I decided to post here since I didn't see a section for Server 2000. Thanks
 

A:problems with Domain controllers

Read other 7 answers
RELEVANCY SCORE 61.2

Actually, I have 2 DC's 1 Threat Management Gateway, 1 Windows Server (Web Server), 1 Windows Storage Server, 2 Exchange servers and 1 Sharepoint Server and 2 Hyper-V servers. ALL Running Server 2008 R2

Should I be upgrading any of these to SP1?

A:Upgrade Domain Controllers to SP1 or not

Hello Abuttino,

I would recommend to wait until the "official" SP1 RTM is released by Microsoft sometime this first quarter of 2011. Afterwards, it should be available in Windows Update, and for download (standalone version) directly from Microsoft.

Hope this helps,
Shawn

Read other 2 answers
RELEVANCY SCORE 61.2

Hope this belongs here............

I have some questions regarding changing the hardware in my domain controller. I'm basically rebuilding it with new processor, RAM, mobo, etc.
It's just a desktop computer running Windows Server 2003. I plan to keep all the names of the machine and IP/domain the same. Is there anything I need to look out for by doing this? I don't want to lose my Active Directory and user accounts on the machines that rely on this domain controller. Can I just build the new server, set it up as a domain controller with all the same settings, and the computers will be able to log into the new controller with the same users?
 

A:Changing Domain Controllers

Read other 6 answers
RELEVANCY SCORE 60.4

At my work we have an active directory domain. In the root of this domain there are two domain controllers.

ie dc1.mywork.com, dc2.mywork.com

When users login, they always seem to get authenticated by dc2, as you can see the login script running from that server, and when we shut down dc2, no one can login.

(have not shut down dc2 for any length of time to see if dc1 will eventually "take over" the login duties)

Where can I specify which server provides authentication for the domain? Or can I be assured that dc1 will take over for dc2 when dc2 goes down?
 

Read other answers
RELEVANCY SCORE 60.4

I was excited to see that the new ATA 1.6 has a Lightweight Gateway that no longer requires port mirroring by installing it directly on the Domain Controllers. This makes total sense to me and gives me confidence in this ATA team. We have VMWare and the port mirroring was an issue.
However, we are not excited about the .NET requirement on the Domain Controllers. The installation does indicate it is needed for the setup, but does anyone know if we can uninstall the .NET component once the installation is complete? Any thoughts?
Thanks!
-Srvrgeek

Read other answers
RELEVANCY SCORE 60.4

Hi everybody,
after my last implementation of ATA (one week ago) I got a strange "condition". It's an implementation with LWGW on all DCs (Server 2012 R2), no separate gateway installation.
Everything worked like a charm, as always, just worked through the deployment guide. We get alerts on DNS Enums or suspicious AD requests. We see logons on different member servers and clients if we search for them. We see changes to security groups and we even see if I create a new service on one of the DCs so I guess event forwarding works.
What we don't see: Any logons on the domain controllers. It doesn't matter if I rdp into one of the DCs or via console. If I search for one of the domain controllers and let ATA show the "profile page" of it, the timeline is just empty. Tried different DCs, different user accounts, even created new users and new domain admins. ATA doesn't recognize any logon on domain controllers.
I appreciate any hints.

Thanks!

Thanks, regards, tim

Read other answers
RELEVANCY SCORE 60.4

Hi All,
I am trying to configure ATA Lightweight gateway on additional domain controller. I am getting the error.
The Console, https://ata.domain.com,  returned an error while attempting to register  the gateway. For more details, please review the Center error logs.

I can open https://ata.domain.com from the DC without any issue and the Port required for the communication is open.
There is no error in Application or system logs on DC or ATA server.
Center error logs in ATA is also not pointing to any error.

Thank you for assistance.

Read other answers
RELEVANCY SCORE 60

I have over 400 domain controllers. The initial look at ATA seemed to require port mirroring on the DC's and that was just impossible. I was told an agent of some type on the DC's was coming. Is that an option now?

Read other answers
RELEVANCY SCORE 58.8

Can Microsoft please provide methodology for setting up Windows Event forwarding (Sender initiated) for a Domain Controller based on a Windows Server 2012 R2 Core installation? Unfortunately all of your documentation relies on using the local Event Viewer GUI to set this up. Connecting Event Viewer from a full Server 2012 installation to a Core Installation loses this ability entirely. The only option I've tried to employ so far leverages an .xml file, but I am not sure it is working correctly.

Please note: this is for Windows Security Event ID 4776 ingestion.

Read other answers
RELEVANCY SCORE 58.8

I have the latest version of ATA - 1.9.7312.32791
I have deployed ATA Lightweight Gateway to many domain controllers throughout my organisation from exactly the same "Microsoft ATA Gateway setup.exe" with accompanying .json file in the same folder.

Nearly all the Domain Controllers have been Windows Server 2016 Core with a quiet install via command line.
The installation has worked perfectly with the exception of two domain controllers on the same physical subnet/site.
The installation error code in the log is:
Error [TaskAwaiter] System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to validate certificate thumbprint [thumbprint=FC78E602AA1E8BF57CC2270E81788E5ADC511DF4]

Seeing as every other installation worked fine, I suspect something must be blocking or interfering with the certificate being successfully negotiated back at the ATA centre.
The likelihood of it being an error with the JSON file is extremely small as the failures occurred in the middle of the installation program, with successful implementations either side of the two that failed.

What can I get the network team to check regarding firewalls, network traffic or blocked ports?

Has anyone seen similar?

Thank you

Chris

Read other answers
RELEVANCY SCORE 58

I want to set all my domain controllers (DC and RDC) to pull time from time.windows.com. In order to achieve this I am planning to create a GP (Computer Configuration/Policies/Administrative Templates/System/Windows Time Service/Time Providers) and link it to the Domain Controller OU.
My question is, is it the best thing to do, or is there any risk or best practice with respect to this?

Read other answers
RELEVANCY SCORE 58

After the 1.9 upgrade we got a Timeline event about Brute Force attacks.
When investigating and looking at Event Logs >Security I started to panic when noticing 4776 errors against user: "administrator" and the source workstation was always a domain controller.
This would happen every few seconds.  Stopping the ATA gateway service on the domain controllers stopped this behaviour.
Any ideas or recommendations?
Thanks
The computer attempted to validate the credentials for an account.

Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:    [email protected]
Source Workstation:    DC4
Error Code:    0xc0000064

Read other answers
RELEVANCY SCORE 58

I am attempting to lab up ATA 1.7.1, and am having a similar issue to the following ATA Forum thread: https://social.technet.microsoft.com/Forums/security/en-US/c817193a-9859-48fa-a208-eb644b17005b/service-on-lightweight-gateway-wont-start?forum=mata
Event viewer is showing that the service is attempting to restart, and the ATA logs are full of this error (occurs every 20 seconds):
2016-10-18 23:49:50.2983 856 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__12] Microsoft.Tri.Infrastructure.ExtendedException: Domain controllers are not configured
at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<OnInitializeAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
--- End of stack trace from previous location whe... Read more

Read other answers
RELEVANCY SCORE 54.4

I come to you again seeking help. We have a problem with our logon and startup to our Windows 7 Enterprise system. We have more than 3000 Windows Desktops situated in roughly 20+ buildings around campus. Almost every computer on campus has the problem that I will be describing. I have spent over two months peering over etl files from Windows Performance Analyzer (A great product) and hundreds of thousands of event logs. I come to you today humbled that I could not figure this out. The problem, simply put, is that our logon times are extremely long. An average first time logon is roughly 2-10 minutes depending on the software installed. All computers are Windows 7, the oldest computers being 5 years old. Startup times on various computers range from good (1-2 minutes) to very bad (5-60). Our second time logons range from 30 seconds to 4 minutes. We have a gigabit connection between each computer on the network. We have 5 domain controllers which also double as our DNS servers.
My original posts on:
Technet: http://social.technet.microsoft.com/Forums/en/w7itproperf/thread/e8400dbe-e6b8-4b1d-8851-a03e7af32e6e
Reddit: http://www.reddit.com/r/sysadmin/comments/w5f38/network_logon_issues_with_group_policy_and/
I followed a lot of what you all told me to do from testing the domain controllers with dcdiag and also completing netlogon tests. I did group policy tests where I got rid of the group policy and just did default policy and it only slightly fixed the prob... Read more

A:Major Network Logon Issues (8 Domain Controllers and 3.5 thousand workstations) DNS, Time Server, DHCP, and Group Policy Errors

Hi,


I would like to suggest using Network Monitor to troubleshoot the issue.


Thanks.

Jeremy Wu
TechNet Community Support

Read other 4 answers
RELEVANCY SCORE 38.8

I want to run a specific application under domain admin rights for a domain user account.
I have tried creating a shortcut and typing: "runas /user:ComputerName\Username /savecred "C:\path\to\file.exe""
Then I can run it and the Attention prompt pops up, but the application shows "APPSCRASH" when I press "Yes".
If I type the local / domain administrator account, it can run the application normally.
How do I fix it? The application is Typing of the Dead.

Read other answers
RELEVANCY SCORE 38.8

Hello,
Currently we are in the middle of a migration project. We are migrating users from child domains to the root domain of one organization.
The user accounts are migrated with powershell using Move-ADObject cmdlet. This works as expected. The SIDHistory attribute is updated correctly.
Recently we received complaints from some *migrated* users - they lost their default/custom file associations. This happens only on Windows 8/Windows 8.1.
What happens:

the user is migrated and logs on
her profile loads and everything's preserved (as expected)
the user clicks on a .jpeg file (previously associated with program XYZ)
OS asks the user to choose a program to open the file with
the user chooses a default program XYZ and the file opens
when the user clicks on a .jpeg file again - OS asks to choose a program again
i.e. the settings are not preserved.

Our investigation shows that it is connected with the UserChoice registry key and the HASH value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SomeExt

According to this blog the HASH is calculated based on user's SID. But after the migration the user has new SID and the HASH becomes invalid and we hit this:
"However In Win 8, the registry changes are verified by a hash (unique per user and app)  that detects tampering by apps. In the absence of a valid hash, we ignore the default in the registry."
Currently deleting the UserChoice key for all a... Read more

A:File associations are lost when user account is migrated from one domain to another domain (SID changes)

Hello Petar K. Georgiev,
Please check the following article to change the registry key to change back to the default file type associations.
http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html
Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best regards,
Fangzhou CHEN
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Read other 2 answers
RELEVANCY SCORE 38.8

Hello everyone,

We are running into a somewhat peculiar issue that I have been unable to find any information about and I was hoping someone here could point me in the right direction.



Several of our Windows 7 laptops (We're working on moving to W10) have become unable to change the password for a domain account from the Change a Password screen after hitting CTRL ALT DEL. Usually when someone would select to change their password, it would take them to the text boxes with the domain\username pre-populated, I'm sure you are familiar.

Recently, when following the same steps, an account selection screen comes up with the option to use a smart card or simply type in the username. While we are working on implementing smart cards, they are not yet in use and in fact should not even show any options for them yet. After opting to type in a user account, rather than populating the username field with domain\username, the field remains blank with grey text saying "provider\user name" instead. If the user types in their domain\username and attempts to change the password, they get a generic error stating it is unable to change the password.



Users are still able to use a co-workers machine to change their password from the same screen by substituting the username. Most of the affected machines are from users that work in the same team, even though those same users can change their passwords elsewhere just fine. It appears to be isolated to specific ... Read more

Read other answers
RELEVANCY SCORE 38.8

I am trying to add a win 7 pro pc to a domain and I get this error " an attempt to resolve the DNS name of a domain controller in the domain being joined has failed"
I am running win server 2003 can anyone help?

A:error an attempt to resolve the DNS name of a domain controller in the domain being joined has failed

OK, I got it to work. I put in the DNS server address again, same as I did yesterday (I must have put it in 3 or 4 times) and it didn't work. I did it again today and it worked the first time. Thank you everyone for your help
 
Derrick

Read other 13 answers
RELEVANCY SCORE 38.8

Hi,

When I add a Win 7 client machine to a domain I get this error: "an attempt to resolve the DNS name of a domain controller in the domain being joined has failed". How do I solve it? Please help.
 

Read other answers
RELEVANCY SCORE 38.8

Hi

I have changed the domain of the computer (from say old.net to new.net).
There is a folder shared on another machine on the old.net domain. The user X was able to access it. After changing his domain from old.net to new.net he can no longer access that shared folder.
User X has working credentials for both domains.

On accessing it, it asks for credentials. Upon entering his correct user name in the format (old.net\X) he is not able to access it.

I had exactly the same setup with another user Y and he was able to access data.

Is there anything that I am missing?

Also, accessing that folder the first time asked for credentials but now it doesn't ask. Why? There is nothing in Credential Manager.

Regards

A:cannot access shared folder after changing domain with old domain cred

Hello,

Have you removed/re-added the User's credentials (from the PC with shared folder) with the new domain name?
Also, make sure that the shared folder has Everyone permission in the Security Tab.

Read other 1 answers
RELEVANCY SCORE 38.8

I'm running into a problem with connecting to network drives over a VPN. The common difference is whether or not the computer is part of the domain by default.

1) Computers connecting to VPN using local account on computer: Prompted for a domain login when attempting to use the network drives. Can get in.

2) Computers connecting to VPN using a domain account (but on another network): Unable to connect. Specific error changed based on below info.
A) Computer logged on and connected to an outside network. Never connected to domain network: Can't find folder error.
B) Connects to domain network at some point before connecting to an outside network and using VPN: Might be in use error, attached.

A:VPN Network Shared Drive Error Domain/Non-Domain Differences

Sounds more like the network the VPN connection puts you in has trouble making kerberos connections to domain controllers, but NTLM connections work fine (kerb might be blocked). The errors are likely bogus if you can get #1 to work - if the computer is connected to a domain it's going to want to use Kerb before NTLM, and if the machine still has (what it thinks is) a viable kerb ticket, it's going to try and validate that with a DC (to achieve auth), and if this fails, so does the connection.

This may not actually be the case, of course, but it sure has the symptoms of it.

Read other 1 answers
RELEVANCY SCORE 38.8

Dear Community,

My company uses around 700 desktops and laptops on a domain. Our file server has a home share drive that the AD links to and then maps when a user logs onto any machine when using their domain account. My problem: when I log onto my normal laptop it says network name is no longer available. When I log onto another machine it connects and maps normally. All other servers' UNC names work normally. I can ping it by DNS and IP and can RDP to it but not see any shares.

Please can you help?

Read other answers
RELEVANCY SCORE 38.8

Dear all

I have a problem adding an additional domain controller in my forest domain.

When I try to add an additional domain controller, after working a few minutes it gives the message THE ACTIVE DIRECTORY WIZARD IS UNABLE TO CONVERT THE COMPUTER TO DOMAIN CONTROLLER ACCESS DENIED

ENTER THE USER NAME AND PASSWORD OF AN ACCOUNT WITH SUFFICIENT PRIVILEGE TO CREATE AN ADDITIONAL DOMAIN CONTROLLER.

But the user name has full permission; he is an administrator.

Please help me
 

Read other answers
RELEVANCY SCORE 38.8

Here is the scoop ... Two networks connected via frame relay line. Two different PDCs and domain names. Can ping internal IP address, but can not browse through Network Neighborhood. Set up WINS on both and when trying to get them to share info I get Connection was aborted by the remote WINS in the event log. I can see the IP addresses for the remote network through the DHCP manager. Any ideas on what I should do to be able to browse the remote network and also set it up so that I can administer it remotely, would be greatly appreciated.
 

A:{Advice Offered} - Domain Browsing in a Multi-Domain Environment

Read other 6 answers
RELEVANCY SCORE 38.8

Hi,

I hit major problems yesterday when a power surge killed my server (despite UPS/surge protection!). We have a small setup of 15 Win2k machines and one Windows Server 2003 all connected under a domain.

Basically all user machines were unaffected but my only method of getting us up and running was installing a fresh version of 2003 server on a new machine. I followed this guide and configured it to use the same domain as last time (hoping that all the client machines would carry on as they were before the server outage). I've managed to set up access to shared drives hosted on the network. That is working.

However I am now having these problems on all client machines:

Client machines cannot connect to shared printers from another client machine. - Logging on as an administrator to their machine locally (not domain) you can add and print. Simply changing their policies to admin does not allow them access.
Each machine is still connected to the domain (so it says) but if you take them off and try to put them back on the domain I get this error: the following error occurred attempting to join the domain " ". network path was not found
If somebody can help me out I would be very grateful. I'm alright with basic networking but have never installed Win server from fresh. I like to think I've just missed a simple checkbox or similar!? I've basically followed the guide and have done little else in way of changes, so you should be able to get a good i... Read more

A:Complete Domain Issue! Shared printers & adding domain

Read other 16 answers
RELEVANCY SCORE 38.4

We have been getting sporadic reports from our users of the error, "The trust relationship between this workstation and the primary domain failed." The workaround has been to dejoin and rejoin the domain, but it keeps happening and we need a permanent fix. We are primarily a laptop shop.
It has been suggested we disable the automatic machine account password change on our domain members in GPO. While this may be a viable option with relatively low security risks, I'd really like to figure out why it's happening and try to fix it.
The machines can lose the trust relationship at random. It can happen overnight, or after going into hibernation. I've had it happen to me a few times. The DCs (we have 2) both show error 5722, but one is spitting out a specific Kerberos error that the other one is not:

While processing an AS request for target service krbtgt, the account kriegesh did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2).
The requested etypes : 18. The accounts available etypes : 23  -133  -128  3  1. Changing or resetting the password of kriegesh will generate a proper key.
My main issue is trying to determine why this continues happening and if we can resolve it without disabling the account password. If that IS our best option, then so be it. Any thoughts are welcome.
Thank you very much in advance! ~Sarah

Read other answers
RELEVANCY SCORE 38.4

I've got a machine running Windows 7 logged on the network domain, but when I try to map a share to a machine on the network that is not registered on the domain I cannot connect (even though I have a local account on the networked machine). When attempting to connect, Windows 7 prompts me for my connection credentials and it automatically fills in the domain name. How can I connect to this network share using credentials that are local to that network share?

A:Logging in to Non-Domain Network Share from computer on Domain

When you say local credentials I assume you mean local on the "TestServer", not local on the Windows 7 box. Then you should be able to just type in TestServer\LocalAccount and the password (the domain you see should automatically switch to "TestServer"). Also, have you tried mapping the drive using the IP address (i.e. \\xx.xx.xx.xx\TestShare)?

Read other 14 answers
RELEVANCY SCORE 38.4

Hello everyone.

A while back before I knew better I gave a client of mine an active directory domain that ended in .org and did not exist on the internet at the time. Now, I'm discovering in the DNS event log at regular intervals errors about how the computers in the internal domain are unable to register in the DNS server of the web domain of the same name. So, my question is whether there is something I can do to change the Active Directory domain so that I don't get those errors anymore.
They're running Windows 2003 server standard with Active Directory, roaming profiles, routing and remote access for VPN, DHCP server, standard fileserver, and print server. I may have missed one or two things but likely I haven't. The server has itself as the primary DNS server though it's not the 127 address it's the actual IP. The secondary server is the router but I have the DHCP giving out the servers for opendns.com as options 3 and 4 after the Domain Controller and the router but I had the problem before adding the opendns.com entries.
Anyone know why the local DNS server is trying to register entries in the DNS server of the web domain? Anyone have any ideas on how I can go about fixing it?
Thanks

Joe

P.S. if this is a question more appropriate for another area feel free to move it.
 

A:Oops! my active directory domain is the same as an actual web domain.

bump
 

RELEVANCY SCORE 38.4

Ok, I'm currently being hosted with Dreamhost.com, but my domain is with FXDomains.com. How do I make it so that the domain I have at FXDomains.com will work like the domain I have at Dreamhost.com? For example, FXDomains.com provides me with the domain x.com, however Dreamhost.com provides me with y.com. I want to make it so that when someone goes to x.com, it behaves like y.com, such as x.com/forums would go to the same place as y.com/forums. It's not domain forwarding, it's something to do with DNS or something. I changed my FXDomains.com's DNS thing to NS1.DREAMHOST.COM, NS2.DREAMHOST.COM & NS3.DREAMHOST.COM, so what do I do now?
 

A:Linking an off-site domain provider's domain to my hosting.

Nice to see I was completely ignored.
 

RELEVANCY SCORE 38.4

Hi,

I have a domain-joined Windows 7 Pro (64-bit) PC that is not able to connect to a shared folder on a non-domain-joined PC with Windows 7 Pro (32-bit). Only public folders are accessible. I get a "do not have permission" message. I tried adding the domain\user to the share permissions, but the domain is not recognized on the non-domain-joined PC.

Does my domain admin have access to the homegroup and the shared folders on the home pc?

What are my options for access to a non-public secure folder on the non-domain PC from the domain-joined PC?


Sorry for the awkward description, don't know how else to describe the situation.

My apologies if these questions were addressed elsewhere; I could not find any relevant threads.

Thanks

A:Domain joined pc, does domain admin have access to my homegroup

Hi Takatso, welcome to sevenforums. As I read your post, it looks like you are logged into your domain-joined PC as a domain user. Is this correct? If so, your PC will be treated as acting as a part of the domain. If you then try and connect to another PC at home, there will be a problem, as your home PC is not recognised by the domain PC as part of the domain. You should set yourself up a user account on the domain PC whilst it is NOT connected to the domain, log in to the new account whilst not on the domain and then try sharing the folders with the non-domain PC.

No, your domain admin does not have access on the home computer as they are part of the domain and not the homegroup.

RELEVANCY SCORE 38.4

I don't even know how to word the question. Here is what I got. I apologize in advance if this is posted in the wrong place. I will gladly repost if necessary.

I have one Windows 7 desktop (out of a couple of 100 Windows 7 and 10 machines) that I have put onto our domain. When the user turns it on she gets the domain "username/password screen", logs in and all is good. A few times over the last several months the computer is turned on and the user does not get the domain login screen but boots right to local desktop. This computer is no longer connected to the domain.

I assumed the user did something so I put the computer back on the domain. I logged in as user and it created a new profile. All programs that I installed were not there including Office products, AV products etc. Could not find any reference on the hard drive that they ever were there. This user now has username.000 001 002 etc. When I put the pc back onto the domain I also copy documents from the previous profiles that I have found. All profiles will have the same date which corresponds when the issue presents itself.

Restore points are not there. Windows updates are run as if this is a new machine out of the box. I am completely baffled. All help is appreciated.

Edited - I have noticed that my event log has several entries dated from when we purchased the pc and then the date ski...

RELEVANCY SCORE 38.4

I've been trying to join a new Windows 7 Professional machine to a domain controller running Windows 2003 Server with no luck. We currently have 4 Windows XP machines running on that domain without any issues, but when I try to add the Windows 7 computer, here is what happens:

1. A computer account on the domain could not be found (confirmed it is already there)
2. I put in the computer name and domain again, and Administrator credentials
3. Now it tells me: "An attempt to resolve the DNS name of a DC in the domain being joined has failed."

I currently have DNS on the Windows 7 PC set to the Domain Controller and have IPv6 unchecked under Network Properties. I can even ping the domain name (resolves to IP of the domain controller). It looks like it can, indeed, find the domain from the message in step 1, so am I missing something here?

Thanks in advance for any help!

A:Cannot join Windows 7 to domain even after setting DNS to domain controller IP

Hi,
You need to flush the DNS cache on the client side first.
Then, let's create the following registry values for a try:
HKLM\System\CurrentControlSet\Services\LanManWorkstation\Parameters

 - Create a DWORD DomainCompatibilityMode = 1
 - Create a DWORD DNSNameResolutionRequired = 0
Reboot the machine and check the result again.

Alex Zhao
TechNet Community Support

RELEVANCY SCORE 38.4

Hi everyone!
I noticed that if I try to access a shared folder located on a domain computer from a non-domain computer by typing \\computername\sharename, the pop-up authentication window appears after some time (30-80 sec). But if I type \\computername without specifying the sharename, the pop-up authentication window appears instantly.
If I run created shortcut for this share - pop-up authentication window appears instantly.
I can easily reproduce this problem, it appeared on all machines I was testing.

Can it be fixed somehow? In my scenario, I can not use net use cmd.
Thanks.

RELEVANCY SCORE 38.4

Hello everyone,

So on my work laptop yesterday I got disconnected from the network, and upon trying to reconnect I had internet access but no network access. I ran through some diagnostics: I was able to ping my other workstation; IP, DNS and DG were all fine; I checked for DNS record issues and found none. So I removed it from the domain and tried re-adding it, and this is where the problem is: no matter what I do, I cannot add this laptop to the domain. I get full internet access on the network but no network access. I know the DNS server is functioning perfectly and can't be the issue. I have also flushed DNS, rebuilt the TCP/IP stack and removed all LAN and WLAN profiles. I am also getting a certificate error when trying to access the network on WLAN.

Using my local admin here are some print screens of first the issue when trying to add the laptop back to the domain, then Ping results to my DNS server .

After removing the machine from the domain, it is now no longer picking up the correct DNS server.

Would assigning a new DNS record resolve the issue?

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "bareesc.bareescentuals.com":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for
_ldap._tcp.dc._msdcs.bareesc.bareescentuals.com

Common causes of this error include th...

A:An active directory domain controller for the domain could not be contacted

Funny enough, we've found a handful of users on our network today unable to access local resources for the same reason!

Your DNS settings are being hijacked. They should point at your DC, but instead are pointed at a malicious DNS server hosted somewhere in Israel. Give your computer a good bath before letting it play with the other children again.

We're currently in the process of mediation around here, too.

Hope that helps!
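The check the answer above describes, that a domain client's resolvers should be the domain controllers and nothing else, can be run over collected `ipconfig /all` output. This is an added example, not part of the original thread; the expected-server list, the sample output and every address in it are constructed, and the parser assumes the English-locale layout.

```python
import ipaddress
import re

# Assumption: the addresses of the domain controllers that clients should use for DNS.
EXPECTED_DNS = {"192.0.2.10", "192.0.2.11"}

# Constructed `ipconfig /all` excerpt (English locale, documentation addresses).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       192.0.2.11
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.0.2.10
"""

def _as_ip(token):
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))  # drop IPv6 zone id
    except ValueError:
        return None  # not an address, e.g. the next "Name . . . : value" line

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        if current is None:
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Additional servers appear alone on the indented lines that follow.
        token = m.group(1) if m else (line.strip() if in_dns else "")
        ip = _as_ip(token) if token else None
        in_dns = ip is not None
        if ip:
            adapters[current].append(ip)
    return adapters

def unexpected_resolvers(text, expected=EXPECTED_DNS):
    """Return {adapter: [servers]} for resolvers outside the expected set."""
    found = dns_servers_by_adapter(text)
    return {a: bad for a, s in found.items() if (bad := [x for x in s if x not in expected])}
```
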

RELEVANCY SCORE 38.4

Can I access a network share on the domain with a non-domain computer? I would connect the computer directly to the corporate network. 
For what reasons could this be blocked (firewall? policy? settings on server-side?) and what configuration is needed to make sure it is possible to access a network share with a non-domain computer?
Thanks already for your help!

RELEVANCY SCORE 37.6

I have an employee that gets this upon every boot on his assigned laptop. I have utterly no idea what it means or how to correct it. Help needed please.
 

A:Error: Domain controller could not be found for the specified domain.

Check the machine account. You might also delete it and recreate it. This may require a domain admin to rejoin the machine to the domain.
 

RELEVANCY SCORE 37.6

Hello,

We have a server set up with several computers. I formatted a PC that was on the domain and am now trying to attach it back to the domain, and I get the message:

Domain Controller could not be contacted
I put all the settings the same as the other PCs.

I'm also getting the message "IP address already in use", but I'm using the same IP as the PC had before I formatted it. Is this the reason that I get the message "Domain Controller could not be contacted"?

I also can ping from the PC to the server.

Any Ideas?

thanks for the help
 

A:Problem:A domain controller for the domain could not be contacted

Sorry, I mean I also get the message "a duplicate name exists on the network".
 

RELEVANCY SCORE 37.6

I need to deploy for 1 enterprise that has 1 forest with multiple domains and child domains. I want to ask: can I deploy 1 ATA gateway to collect all network traffic from all domains, and does this ATA gateway server need to join a domain? If it needs to join a domain, should it join the root domain, or can it join any domain belonging to this forest?
Thank you.

RELEVANCY SCORE 37.6

I have PCs sitting in a shared area and I would like to prevent users from a different domain from logging on to my computers. How do I do that with GPO? I searched the internet and they suggested "Deny logon locally". I don't think that applies to my case. Say my users are from DomainOne; I don't want users from DomainTwo, DomainThree, etc. to log on and use my department computers.
Thanks,

Thang Mo
