From: j.mickertsgmx.net
Date: Mon Nov 26 2001 - 14:11:27 CST

    Hi,

    First of all, just a few questions:
    How many Domain-Controllers do you run? If you have more than one it might
    well be a Netlogon issue (maybe the DCs are not in sync). It should not be
    an issue if the client was not logged on to the network for some time. You
    should check which DC is doing the authentication in case it fails and
    check whether it is always the same DC. If yes, you can do a full sync of
    the BDC with the netdom command supplied in the Resource Kit; maybe this
    will solve the issue. If this resolves it, the DC corrupts its SAM
    replica and you should investigate why this happens; typically this is a
    hardware issue.
    You might create a local account on the laptops with rights to change the
    computer to be member of a workgroup. If you then delete the computer
    account, wait until it is removed from the Server Manager, sync the
    domain, re-create the computer account, sync the domain, it should be
    possible to add the computer to the domain without providing the right to
    the user to add/remove computers to/from the domain.

    Kind regards,

    Jens Mickerts

    Cav <Cavhawaii.rr.com>
    26.11.2001 09:09

    To: FOCUS-MSSECURITYFOCUS.COM
    Cc:
    Subject: System Account Password

    Hi,

    I administer a Windows NT4 domain and am having issues with remote dial-up
    (VPN) users who travel. Occasionally, these users are going on travel and
    are experiencing problems with their machine account passwords. They get
    to the remote location and logon using dial-up networking and are getting
    the following error message.

    The system could not log you on to this domain because the system's
    computer account in its primary domain is missing or the password on that
    account is incorrect

    The computer accounts do exist (they're added to the domain during the
    standard laptop build), and so I believe these users are using their
    laptops only after an extended period of non-usage, causing the machine
    account passwords to be out of sync. Is this true or could it be something
    else (it happens occasionally, but much less frequently to workstations on
    the domain)? And the biggest question I have is how can I resolve this
    issue while the user is on travel (i.e. remotely)? The users don't have
    administrator access to their laptops, basically just user
    access. Currently we're subjected to sending up a replacement hard drive
    to the user...not a very convenient process. Any help would be
    appreciated.

    -Steven T.