Computers away from the network for sometime...

Discussion in 'OT Technology' started by 5Gen_Prelude, Jan 8, 2003.

  1. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    ... seem to drop their computer passwords with the server. For example, a laptop I occassionally use at home is always being denied because it hasn't logged in in sometime, yet my personal credentials are fine. This also happens on my home computer via VPN if I don't log in all the time. I can rejoin the domain with no problems but how can I prevent this from happening in the first place? With me it's no problem because I'm an admin, but people who aren't in the office all the time have the same problem.

    I did actually search for this once before and didn't get far and had to move on. It might be because I'm using the wrong terminology though. Any help?

    PS This is in a W2K environment.
     
  2. Dommi

    Dommi Guest

    first few things.
    first thing that hit me
    if it is win 2k and has AD running you might want to check that there are no restricitions running on logon time.
    second. you might want to see if there is an idle restriction in place for user accounts
    you might want to see if there is a periodic broadcast storm causing the network coms to crash
    IE i couldnt give you a definitive, just some thoughts
     
  3. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Hmmm - well it's nothing to do with the user accounts - I know that much. It has to do with the computer accounts - both NT4.0 and NT5.0 track NT computers as a computer account. This account is secured by a password that I guess changes periodically. For a computer that is connected, this change is no problem. For a computer that isn't connected (like my laptop) the new sync password doesn't reach it. It then tries the last password and if that works, you're good to go. If that one doesn't work then it basically says your computer account is stale dated.

    It's kinda like in Star Wars VI where they use an old empire ship to land on the planet. The codes were still valid but they were old. In my case, my ship is too old and they've scrambled some tie-fighters and are preventing me from accessing their precious Deathstar until I sell my soul and rejoin the empire.

    Ummm... at any rate, I need to either figure out why the network needs to resync and stop it, or have a way to not worry about the computer accounts (since they're not actively participating in domain logins). I had a similar problem with a backup AD that I had ghosted. When I brought the old install back online, it wouldn't sync with the PDC - in NT days you could force it but for the life of me I couldn't. And for non-domain controllers, you simply have to join the domain again, but you need an account that has the right to do so. It's like during the rejoin it doesn't care there is a stale-dated password cached, it just starts fresh again.
     
  4. Dommi

    Dommi Guest

    :uh:
    no idea man. 2+ years since my mcse and that was in nt 4.

    all I can do is suggest you look up the right hi key's for disabling new key changeover in the encryption engine for the authentication service (if that makes anysense)
     
  5. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    Yeah - I never had this problem with NT4.0 (mind you I didn't use NT except for DC's). Thanks for the suggestion though...

    Was this a typo tho?: ... look up the right hi key's for disabling...

    And if not, what's a hi key?
     
  6. Dommi

    Dommi Guest

    errr hi key or hkey or reg key....

    sorry. force of habit
     

Share This Page