Computer Accounts time out

  • Thread starter Thread starter Harry Zahlis
  • Start date Start date
H

Harry Zahlis

We are having computer account automatically disable
themselves. I have read KB articles that state computer
account passwords expire after 30 days and then change.
This is about the same amount of time the accounts seem
to "disable" This causes us to rest the machines and then
re-add them to the domain - quite a pain with over 1000
computer lab accounts. I am not sure what is causing
this...

Any thoughts, clues, guesses, etc would be appreciated.

Harry
 
When you say "disable" are you actually seeing them with red "x" in aduc or
do they just start having secure channel problems.
What type of clients are these (xp, 2k, etc), what service pack are they at,
and is there any commonality among the ones that you've see n this happen
too so far (all on same subnet, using same hub/switch/router/etc, doing the
same thing, etc).
Are you seeing any events in the logs like 5722 or 5709 etc that are related
to this problem.
Is there a dc local to these machines, or do they have to go across a wan to
get to a dc.

One thing that you can try, if you havent' already, is to use Netdom to
reset their secure channel. Many times this will work, and saves the time
of dropping to workgroup etc.
329721 Description of Netdom.exe Syntax and Versions
http://support.microsoft.com/?id=329721

Don't know if it is anything that you'd want to do, and won't "correct the
problem", but the time between secure channel resets can be changed in
registry if memory serves me right.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
It was a late night - wasn't as thorough as I should have
been...

We have Windows XP machines (approximately 1100). We get
the error message, "The system cannot log you on to this
domain because the system's computer account in its
primary domain is missing or the password on that account
is incorrect" or something to that affect. The accounts
are not disabled with a red "X" in aduc. These computers
have a software installed which freezes the machine so
that students can not change the machine
configurations/software applications (Deep Freeze by
Faronics).

All Machines have the most recent Service Packs and are on
various switches across the campus. All are on the same
subnet. We have not tried to reset the secure channel yet
but will do so. So far the probelm has not happened on
all of the computer accounts, just a few of the computer
labs in different buildings.

There doesn't appear to be 5722 or 5709 errors in the
event log but there are a lot of W32 and ntp time errors.
All computers log on to local DC - nothing over a WAN.

Thanks for your help!

Harry
-----Original Message-----
When you say "disable" are you actually seeing them with red "x" in aduc or
do they just start having secure channel problems.
What type of clients are these (xp, 2k, etc), what service pack are they at,
and is there any commonality among the ones that you've see n this happen
too so far (all on same subnet, using same
Click to expand...
hub/switch/router/etc, doing the
 
This looks like it is a Deep Freeze issue. Newer release
of their Enterprise software solves Computer Account
dropping from domain, according to tech support.

Thanks for the help...

Harry
 
Back
Top