We have a problem with a set of computers on our domain. they are constantly losing their trust relationship with the domain. it first happened last week and 8 days later happened again. On the Server we are getting NETLOGON errors with event 5722.
The session setup from the computer ComputerName failed to
authenticate. The name of the account referenced in the security database is
AccountName$.
The following error occurred:
Access is denied.
I was wondering if there was any way to determine why this is happening? I have checked the error logs and nothing seems to happen before these errors occur. I was thinking about re-imagaing the whole group of the machines.
If I do re-image them all would I be best deleting the computer objects out of AD completely and letting them create new computer objects when I re-join them to the domain? Is it best manually join them or is there a better method? I will have to re-name the machines as it is so will need to access them locally.
The Server is Windows Server 2008 R2 SP1, the machines are Windows 7 SP1
Edit: – In response to comments :-
These machines run Windows 7, Office and Adobe Audition, thats it so nothing odd. They are exactly the same as ten other machines in the room that we have no problem with.
The AD runs on Server 2008 R2 with a secondary domain controller running Windows Server 2008.
The machines sync time with the PDC and checking this they are at the correct time.
There are no duplicate names in AD.
If I remove them and re-add then they run fine again, thats what I did last time, then 8 days later they all dropped off again.
One odd thing:
The room next door had the same problem. I removed the PC's from the domain. Deleted the computer accounts from AD. Flushed the DNS Cache and removed the records of the machines from DNS. I then re-added them to the domain. they can contact the domain fine but their computer accounts do not show up in AD anywhere. Confused me something rotten.
Best Answer
Do you have anything altering the time on the PCs independantly to the domain?