Thanks for the reply, and sorry for being unclear.
The eventID 5723 as per my previous post is generated on the domain
controller.
These are the events generated on the client side (please note they were
translated from a non-English system; hopefully they're clear enough):

Source: LSASRV
Category: SPNEGO
EventID: 40961
Protection System could not establish a secured connection with server
cifs/dc.domain.local. No authentication protocol was available

Source: NETLOGON
Category: None
EventID: 5721
Session installation on Windows NT or Windows 2000 domain controller
\\dc.domain.local was unsuccessful because domain controller has no computer
account for the computer "computername"

Source: W32time
Category: none
EventID: 18
NtpClient time provider was unable to establish a trust relation from this
machine to domain domain.local in order to synchronize time in protected
mode. Trust relation between this workstation and the primary domain was
unsuccessful (0x800706FD).

One of the DCs has a SQL server to support an SMS 2.0 installation, but I
can't figure out any interactions with a client authentication.
I am about to thoroughly read the Q article you suggested to me. From a quick
check, the only relevant policy I could find is "microsoft network server:
digitally sign up communication if client agrees" set ENABLED on the default
DC policy.
I have been working on this issue for a short time. People working here for
longer say this might have happened exclusively (or mainly) on winXP
workstations, but take this as an unreliable piece of information.
Please let me know if you need more detailed information. I appreciate your
support.
Thanks!!

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Michael Wassell
> Sent: Friday, 6 February 2004 15.09
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] computer account issues
> 
> A little bit unclear, but I have browsed through the 
> Microsoft KB regarding that event id and this article was a match.
> 
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
> 
> Search in the page for "5723" (without quotes).  It is under 
> the digitally sign communication (always) category.  That may 
> be a first step to determining the cause?
> 
> I also noticed that this error can be generated by SQL Server.
> 
> Is this error being generated in the event log on the server? 
>  Or on the machine itself? 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of J0mb
> Sent: Friday, February 06, 2004 8:43 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] computer account issues
> 
> good morning list,
> 
> I am getting a weird problem lately. Our AD architecture is 
> made of 1 forest, 1 domain, 4 sites spanned through WAN 
> links. There are approx.
> 2500 nodes in the forest, there are 2 DCs at each site, a DC 
> is configured as GC at each site.
> 
> Randomly, with no apparent recurrent pattern, we get the eventID
> 5723 (netlogon) error from some machines (I would say some 4-5 a day). 
> 
> ------------------
> 
> The session setup from the computer <computer name> failed 
> because there is no trust account in the security database 
> for this computer. The name of the account referenced in the 
> security database is <computer name>$.
> 
> The error code is 0xC000018B
> 
> ------------------
> 
> The client is not able to authenticate to the DC anymore. The only (to
> me) known resolution is to rejoin the machine to the domain.
> 
> Would anyone suggest me a resolution, or correct steps for 
> troubleshooting?
> 
> I've already checked on eventid.net, and it looks like none of 
> the suggestions is relevant to my architecture. We're 
> running a native mode Windows 2000 domain.
> 
> The error code states that the computer account has been 
> deleted. How can this happen? How can I audit operation 
> attempts on computer accounts?
> 
> Thanks!!
> 
> Alex
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/