none
Machines Loosing Trust with Domain

    General discussion


  • So I'm not 100% sure if its a case of Mistaken Identity, or if there is another underlying issue.   There have been a few people who's machines have lost the Trust Relationship with the domain.   I think some of the machines might have been conflicting names, but others are not.

    On one of our Web Servers I also noticed the Error Below.   When does a machine check in and see if it is trusted?  How often does it change its password?

    Thanks


    Log Name:      System
    Source:        NETLOGON
    Date:          2/2/2010 3:02:57 AM
    Event ID:      3224
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      VSVR
    Description: Changing machine account password for account VSVR$ failed with the following error: The directory service is busy.
    Tuesday, February 02, 2010 6:23 PM

All replies

  • By default, every 30 days. However, for the password change to take place, the domain controller has to be available - so in this case, the error message would imply that the computer will attempt it again...
    Refer to http://blogs.technet.com/askds/archive/2009/02/15/test2.aspx for details...

    Take a closer look at utilization levels of your DCs...

    hth
    Marcin
    Tuesday, February 02, 2010 6:31 PM
  • For the Subnet that this server was in, there are three DCs. All pretty low usage... One was jsut added 3 days ago, 1 is a DHCP/Print spooler  and the last a File server. All I dont think were too busy at 3AM.

    Hmmm...
    Wednesday, February 03, 2010 12:44 AM
  • In general, configuring DC to provide other services (especially file/print) is not recommended - for a variety of reasons. Regardless of this particular issue, you might want to alter your DC deployment/usage strategy...

    hth
    Marcin
    Wednesday, February 03, 2010 1:13 AM
  • Hi,

    To better understand you problem, please help to collect the following information for research:

    1. When did the issue start to occur?
    2. Except the event 3224, is there any other error message on web server or DC? If so, please let us know the detailed error message.
    3. Enable the netlogon debug logon with command on problematic server "nltest /dbflag:2080ffff". If the netlogon 3224 occurs again, collect the windows\debug\netlogon.log &netlogon.bak files, send to tfwst@microsoft.com.
     
    4. MPS report of the problematic server.

    1) Download proper MPS Report tool from the website below.

    Microsoft Product Support Reports
    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

    2) Double-click to run it, if requirement is not met, please follow the wizard to download and install them. After that, click Next, when the "Select the diagnostics you want to run" page appears, select "General", "Server Components", click Next.

    After collecting all log files, choose "Save the results", choose a folder to save <Computername>MPSReports.cab file. and use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file. If you would like other community member to analyze the report, you can paste the link here, if not, you can send the link to tfwst@microsoft.com.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, February 03, 2010 2:20 AM
    Moderator
  • Hi,

    Do you need any other assistance? If there is anything we can do for you, please let us know.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, February 15, 2010 6:20 AM
    Moderator