Why Does My Domain Computer Account Keep Dying?

0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


Computer accounts are managed in the background between the computer and its domain controller. Periodically the password for the computer account is updated. Normally, you never know it, or care for that matter. However if you have a virtual machine that is part of a domain, eventually this catches up with you. The computer and the domain controller negotiate a new password, you discard changes to your virtual machine and restart, and there you have it- invalid computer account credentials. You'll need to logon to the computer as local administrator and rejoin the domain to establish a computer account that is again in sync. When you shut down, be sure to commit changes to the virtual machine or you'll be back in the same boat!
Another reason for the problem was also suggested: Your local machine keeps a record of the last time it logged into the domain, which is obviously set when you take the capture (or if you are using Ghost imaging or similar). If the difference between todays date and last time you logged into the domain exceeds 30 days, the domain refuses entry. This is a microsoft "security" setting which cannot be modified.
With Windows 2003 Server Edition, you can now disable domain account password updates using the information provided here. We have also had members report that you can disable machine account password changes with Windows 2000 if you change the DWORD registry value HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange to 1.
Answered 11/28/2005 by: bkelly
Red Belt

Please log in to comment