Windows Server 2008 R2 Thread: workstations/laptops not communicating with DC (in Technical)
  1. #1


    workstations/laptops not communicating with DC

    Hello everyone!!

    So, due to it coming up to the school holidays, I have been thinking: laptops/workstations that don't contact the DC or are turned on in a long period of time (1-2 months) seem to drop off the domain, and no one can log back onto them until they are re-added to the domain. Now, I believe this has something to do with the trust relationship between the computer and DC breaking down or something similar (I could be wrong).

    So my question is: can I turn these computers off for 2 months, then log on with an AD account when I first turn them on, without removing and re-adding them to the domain? Can I extend the trust relationship or something like that?



    Uffy2000

  2. #2

    Michael
    If you create the following GPP regedit, this will stop workstations reporting Trust Relationship messages -

    Code:
    Hive: HKEY_LOCAL_MACHINE
    Key Path: SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    Value name: DisablePasswordChange
    Value type: REG_DWORD
    Value data: 1 (Hex)
    I generally only have the problem on wireless rather than wired devices, but you can apply this to both.

    In theory even if you leave machines off for two months or more, it should still work.

  3. Thanks to Michael from:

    uffy2000 (26th February 2013)
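
An added example, not part of any post in this thread: a PowerShell check that reports the Netlogon values discussed in post #2 and tests the machine's secure channel, so the effect of the GPP setting can be confirmed on a client. The function names `Get-NetlogonSetting` and `Get-MachinePasswordStatus` are hypothetical; the registry values and `Test-ComputerSecureChannel` are standard Windows.

```powershell
# Added example: report the local Netlogon machine-password settings and
# check the secure channel to the domain. Run from an elevated prompt on a
# domain-joined machine.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonSetting {
    param([string]$Name, [int]$Default)
    # A value that is absent from the key means the Windows default applies.
    $item = Get-ItemProperty -Path $NetlogonKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.$Name } else { $Default }
}

function Get-MachinePasswordStatus {
    # Windows defaults: DisablePasswordChange = 0, MaximumPasswordAge = 30 days.
    $disabled = Get-NetlogonSetting -Name 'DisablePasswordChange' -Default 0
    $maxAge   = Get-NetlogonSetting -Name 'MaximumPasswordAge'    -Default 30

    # Test-ComputerSecureChannel returns $true when the channel between this
    # computer and its domain is working; it throws if the machine is not
    # domain-joined, which is reported here as a failed check.
    try   { $channelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop) }
    catch { $channelOk = $false }

    New-Object PSObject -Property @{
        ComputerName           = $env:COMPUTERNAME
        DisablePasswordChange  = $disabled   # 1 = this machine never rotates its password
        MaximumPasswordAgeDays = $maxAge     # rotation interval when changes are enabled
        SecureChannelOk        = $channelOk
    }
}

$status = Get-MachinePasswordStatus
$status | Format-List ComputerName, DisablePasswordChange, MaximumPasswordAgeDays, SecureChannelOk

if (-not $status.SecureChannelOk) {
    # -Repair resets the machine account password in place, without leaving
    # and re-joining the domain. It needs an account that is allowed to
    # reset the computer object.
    Write-Host 'Secure channel broken. To repair without re-joining:'
    Write-Host '  Test-ComputerSecureChannel -Repair -Credential (Get-Credential)'
}
```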

  4. #3

    Muchly appreciated, I'll give this a go!

    The previous technician did not add laptops/netbooks to the domain because he kept having to re-add them after the holidays. I knew there was a way to stop or at least postpone this; now I have to add all the netbooks and teacher laptops to the domain after I have added this gem!

    Thanks again for the input!

    Uffy2000

  5. #4


  6. #5
    Tsonga
    Woah, why are they dropping off in the first place?

  7. #6

    Quote: Originally posted by Tsonga
    Woah, why are they dropping off in the first place?

    The computer password has changed but the domain controller's machine password database hasn't updated. The trust relationship is then broken.

    The link I posted explains it all. It isn't uncommon, I don't think.


  8. #7

    m25man
    Once again, this can often be traced back to DNS/RDNS issues.
    Machines that have lingering and obsolete records in DNS will have trouble initiating the secure channel between the host and DC, often laptops with NetBIOS names appearing in the RDNS zone with multiple IP addresses.

    Laptop-001 was once 192.168.1.12; this has not been seen for 2 months, and another device has used the IP since, but the RDNS record has not been cleaned up. Laptop-001 suddenly reappears as 192.168.1.99 and there are now two or more entries in the RDNS zone, or another device is assumed to be Laptop-001.

    The machine password change will fail if there are resolution issues; the act of deleting the machine account and rejoining the domain also tends to force DNS registration and updates, so this appears to have fixed the problem when in fact it was a DNS issue all along.

    99% of AD issues stem from DNS-related problems. If there is one part of Windows networking that requires almost OCD-like attention, it's DNS: keep it clean, tidy and up to date and many of these types of issues never occur.

  9. Thanks to m25man from:

    uffy2000 (26th February 2013)

  10. #8

    Quote: Originally posted by m25man
    Once again, this can often be traced back to DNS/RDNS issues.
    Machines that have lingering and obsolete records in DNS will have trouble initiating the secure channel between the host and DC, often laptops with NetBIOS names appearing in the RDNS zone with multiple IP addresses.

    Laptop-001 was once 192.168.1.12; this has not been seen for 2 months, and another device has used the IP since, but the RDNS record has not been cleaned up. Laptop-001 suddenly reappears as 192.168.1.99 and there are now two or more entries in the RDNS zone, or another device is assumed to be Laptop-001.

    The machine password change will fail if there are resolution issues; the act of deleting the machine account and rejoining the domain also tends to force DNS registration and updates, so this appears to have fixed the problem when in fact it was a DNS issue all along.

    99% of AD issues stem from DNS-related problems. If there is one part of Windows networking that requires almost OCD-like attention, it's DNS: keep it clean, tidy and up to date and many of these types of issues never occur.

    Hi,

    The URL I posted from Microsoft on this issue does not mention anything about DNS.....

    *shrug*


  11. #9

    DNS scavenging should sort out the duplicate records in DNS; as RTFM said, it's to do with the password databases.

  12. Thanks to ict_support from:

    RTFM (25th January 2013)
