G
Guest
Hello All,
I work at a public library and we're running Windows 2000 Professional on
all of the patron computers and Windows 2000 Server on our server. The
server also runs as a PDC.
Recently, we purchased and installed a security program called PCRefresh
that allows the computer to 'refresh' itself whenever the computer is
restarted. For example, if a computer becomes infrected with a virus,
restarting the computer will restore the computer to it's original settings
that we specified.
Unfortunately, we've been noticing an error that comes up about once a month
on all of the locked-down machines. The error reads:
"System cannot log you on to this domain because the systems computer
account in it's primary domain is missing or the password on that account is
incorrect."
The only way we've been able to resolve the problem is to turn off
PcRefresh, disconnect and reconnect from the domain, and re-enable PcRefresh.
The whole process takes about 20 minutes, but with 50+ computers, it's
becoming tiresome.
After speaking with the creators of PcRefresh, their technicial support
staff suggested that we enable the "Prevent System Maintenance of Local
Account Password" in the Default Domain Policy in our server's Active
Directory, but that did not fix our problem..
Their technicial support also mentioned to use the 'dnsquery' command on the
server, but I believe that the Tech. Support team was using Windows Server
2003 to test this problem. We've searched the Microsoft website for Windows
2000 Active Directory updates/service packs that include the 'dnsquery'
command, but
have not found anything.
My supervisor and our computer conslutant team seem to think that the client
computer's SIDs are trying to authenticate to the PDC, and once a month, they
are unable to be authenticated, thus giving us the error.
My question is: Is there any way to disable SID authentication and still
allow access to the domain?
Thanks for your time.
Joey Rawlings
Computer Services Technician
Charles County Public Library
LaPlata, MD
I work at a public library and we're running Windows 2000 Professional on
all of the patron computers and Windows 2000 Server on our server. The
server also runs as a PDC.
Recently, we purchased and installed a security program called PCRefresh
that allows the computer to 'refresh' itself whenever the computer is
restarted. For example, if a computer becomes infrected with a virus,
restarting the computer will restore the computer to it's original settings
that we specified.
Unfortunately, we've been noticing an error that comes up about once a month
on all of the locked-down machines. The error reads:
"System cannot log you on to this domain because the systems computer
account in it's primary domain is missing or the password on that account is
incorrect."
The only way we've been able to resolve the problem is to turn off
PcRefresh, disconnect and reconnect from the domain, and re-enable PcRefresh.
The whole process takes about 20 minutes, but with 50+ computers, it's
becoming tiresome.
After speaking with the creators of PcRefresh, their technicial support
staff suggested that we enable the "Prevent System Maintenance of Local
Account Password" in the Default Domain Policy in our server's Active
Directory, but that did not fix our problem..
Their technicial support also mentioned to use the 'dnsquery' command on the
server, but I believe that the Tech. Support team was using Windows Server
2003 to test this problem. We've searched the Microsoft website for Windows
2000 Active Directory updates/service packs that include the 'dnsquery'
command, but
have not found anything.
My supervisor and our computer conslutant team seem to think that the client
computer's SIDs are trying to authenticate to the PDC, and once a month, they
are unable to be authenticated, thus giving us the error.
My question is: Is there any way to disable SID authentication and still
allow access to the domain?
Thanks for your time.
Joey Rawlings
Computer Services Technician
Charles County Public Library
LaPlata, MD