Computer accounts and Remote DCs

Jeff

I am having an issue when computer accounts are added to Active Directory.
We have an AD infrastructure that includes two DCs at our main site and one
DC at each of several remote sites around the US. When we add a PC to the
domain at our main site, frequently the computer account will be created on
a remote DC. This creates many issues and results in the following error
message in the system logs:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5723
Date: 9/13/2005
Time: 12:26:56 PM
User: N/A
Computer: MYDC
Description:
The session setup from computer 'D27LT761' failed because the security
database does not contain a trust account 'D27LT761$' referenced by the
specified computer.

USER ACTION
If this is the first occurrence of this event for the specified computer and
account, this may be a transient issue that doesn't require any action at
this time. Otherwise, the following steps may be taken to resolve this
problem:

If 'D27LT761$' is a legitimate machine account for the computer 'D27LT761',
then 'D27LT761' should be rejoined to the domain.

If 'D27LT761$' is a legitimate interdomain trust account, then the trust
should be recreated.

Otherwise, assuming that 'D27LT761$' is not a legitimate account, the
following action should be taken on 'D27LT761':

If 'D27LT761' is a Domain Controller, then the trust associated with
'D27LT761$' should be deleted.

If 'D27LT761' is not a Domain Controller, it should be disjoined from the
domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Has anyone seen this before? What can I do to correct this?

I've run DCDIAG on all the DCs in our enterprise and there are no failures.
I also verified that subnets are configured properly in AD. The only
anomaly with subnets is that we have some remote sites that do not have DCs.
The subnets for those sites are configured in AD but are assigned to our
Main site.

Any insight is greatly appreciated.

Thanks,

Jeff
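
Added example, not part of the original post: the event text above says a first occurrence of 5723 may be transient, while repeats call for action, so this sketch parses exported event text in that layout, groups 5723 records by trust account, and records which DCs logged them. The sample records are constructed; EXAMPLEPC01 and EXAMPLEDC2 are made-up names, and the "recurring" / "first-occurrence" labels are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the event-text layout from the post. D27LT761 and MYDC
# come from the post; EXAMPLEPC01 and EXAMPLEDC2 are made-up names.
_TEMPLATE = (
    "Event Type: Error\nEvent Source: NETLOGON\nEvent Category: None\n"
    "Event ID: 5723\nDate: {date}\nTime: {time}\nUser: N/A\nComputer: {dc}\n"
    "Description:\nThe session setup from computer '{pc}' failed because the\n"
    "security database does not contain a trust account '{pc}$'\n"
    "referenced by the specified computer.\n\n"
)
SAMPLE = "".join(_TEMPLATE.format(date=d, time=t, dc=dc, pc=pc) for d, t, dc, pc in [
    ("9/13/2005", "12:26:56 PM", "MYDC", "D27LT761"),
    ("9/13/2005", "12:41:10 PM", "MYDC", "D27LT761"),
    ("9/14/2005", "8:05:30 AM", "EXAMPLEDC2", "D27LT761"),
    ("9/13/2005", "1:02:03 PM", "MYDC", "EXAMPLEPC01"),
])

def _field(record, name):
    m = re.search(rf"^{name}:\s*(.+)$", record, re.M)
    return m.group(1).strip() if m else None

def triage_5723(text):
    """Group NETLOGON 5723 records by trust account and flag repeats."""
    seen = defaultdict(lambda: {"count": 0, "dcs": set(), "first": None, "last": None})
    for record in re.split(r"(?m)^(?=Event Type:)", text):
        if _field(record, "Event Source") != "NETLOGON" or _field(record, "Event ID") != "5723":
            continue
        # The description is hard-wrapped, so collapse whitespace before matching.
        m = re.search(r"trust account '([^']+)'", " ".join(record.split()))
        if not m:
            continue
        when = datetime.strptime(
            f"{_field(record, 'Date')} {_field(record, 'Time')}", "%m/%d/%Y %I:%M:%S %p")
        entry = seen[m.group(1).upper()]
        entry["count"] += 1
        entry["dcs"].add(_field(record, "Computer"))  # DC that lacked the account
        entry["first"] = min(filter(None, [entry["first"], when]))
        entry["last"] = max(filter(None, [entry["last"], when]))
    for entry in seen.values():
        # Per the event's USER ACTION text: a single occurrence may be transient.
        entry["status"] = "recurring" if entry["count"] > 1 else "first-occurrence"
    return dict(seen)

if __name__ == "__main__":
    for account, e in sorted(triage_5723(SAMPLE).items()):
        print(account, e["status"], e["count"], sorted(e["dcs"]), e["first"], e["last"])
```
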
 
Paul Bergson

You should fix your site definition. I see no value in having a site
defined if there are no DCs; this is how machines are supposed to find
their closest DC, among other things.

Try running repadmin and netdiag to find out if you have any replication
errors.


Copy the following to a cmd file and run it. Look for error, fail and warn
within the reports. Post any errors you can't figure out.

@echo off

c:
cd \
cd "program files\support tools"

netdiag.exe /v > c:\netdiag.log
start c:\netdiag.log

repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
start c:\repl.txt


See the following for more details:

http://www.microsoft.com/technet/pr...Ref/1d4ce93c-54f2-4069-a708-251509c38837.mspx

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Jorge_de_Almeida_Pinto

I assume the computer account later on still gets replicated to the
other DCs.

If you want to target a specific DC when joining, use the NETDOM tool
and target a specific DC (thanks Dean):

NETDOM JOIN Joins a workstation or member server to the domain.

machine is the name of the workstation or member server to be joined

/Domain Specifies the domain which the machine should join. You can
        specify a particular domain controller by entering
        /Domain:domain\dc. If you specify a domain controller, you
        must also include the user’s domain. For example:
        /UserD:domain\user
 
