Active Directory
A set of directory-based technologies included in Windows Server.
6,456 questions
Computer accounts dissappearing in active directory
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 23%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
john braun
21
Reputation points
Hi, today I've had more phone calls from users that they can't sign in to computers. After entering a password a notification is displayed: The Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship The problem can be solved, rejoin computer in to a domain. It is clear to me that it will probably not be possible to return all PCs to domain without rejoin, but I would be interested in at least the reason why it happened, or whether it can happen on other PCs as well. I checked on DC in ADUC, name of computer with this notification, and did not find him. Its disappeared. It is not even in deleted objects. The problem is that it doesn't live 5-10 pc but hundreds. On DCs in event logs I see problem IDs 5805 and 5723 (NETLOGON). The session setup from the computer KE03059 failed to authenticate. The following error occurred: Access is denied. or The session setup from computer 'XXXXX' failed because the security database does not contain a trust account 'XXXXX$' referenced by the specified computer. USER ACTION If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'XXXXX' is a legitimate machine account for the computer 'XXXX' then 'XXXXX' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem: If 'XXXXX$' is a legitimate machine account for the computer 'XXXXX', then 'XXXXX' should be rejoined to the domain. If 'XXXXX$' is a legitimate interdomain trust account, then the trust should be recreated. Otherwise, assuming that 'XXXXX$' is not a legitimate account, the following action should be taken on 'XXXXX': If 'XXXXXX' is a Domain Controller, then the trust associated with 'XXXXX$' should be deleted. If 'XXXXXX' is not a Domain Controller, it should be disjoined from the domain. It is interesting, that all this computer its from one locality(region). It sometimes happened that the pc lost trust relationship, but remained in AD. Can you please advise how to approach a possible reason why hapenned? Thanks
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Fan Fan 15,326 Reputation points Microsoft Vendor2021-03-23T02:32:05.703+00:00 Hi,
Before going further , i would recommend you check if the DCs work well by the command :
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Repadmin /showreps *Best Regards,
-
john braun 21 Reputation points
2021-03-23T07:07:05.69+00:00 Hi,
Thanks for reply. DCdiag is without error, except for NETLOGON errors(computers that have disappeared ), and Repadmin /showrepl - all was successful, but Repadmin /showreps * - give me error: LDAP error 81 (Server Down) Win32 Err 58.
-
Fan Fan 15,326 Reputation points Microsoft Vendor
2021-03-23T07:37:48.42+00:00 Hi,
You can runt the command to get more details :
repadmin /showrepl * /csv (replication situation for all the DCs)
It is not suggested to upload here due to a security reason.
Best Regards, -
john braun 21 Reputation points
2021-03-24T01:24:37.773+00:00 Hi,
this cmd give me this:
we have 6 DCs, domain contoso.com, and one DC for sub domain contoso1.contoso.com
the output give info for each server ofc, and ofc with anothers names of servers in replication. But, all with 0 (I guess 0= without error) -
Fan Fan 15,326 Reputation points Microsoft Vendor
2021-03-24T03:09:00.507+00:00 Hi,
Then i would recommend you the following points:
If any old DCs still exist in the domain .If the firewall prevent any ports.
Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.
PortQryUI - User Interface for the PortQry Command Line Port Scanner (GUI version)
http://www.microsoft.com/en-us/download/details.aspx?id=24009Best Regards,
-
Fan Fan 15,326 Reputation points Microsoft Vendor
2021-03-29T06:04:04.96+00:00 Hi,
Just want to confirm the current situations.
If there's anything you'd like to know, don't hesitate to ask.Best Regards,
-
john braun 21 Reputation points
2021-04-06T08:48:34.02+00:00 Hi,
sorry for delay. No, they are not old DSc in the network, and no firewall modifications were made either. Communications its still the same. Logs do not show any network fails or issue :/
Sign in to comment
Sign in to answer