1
00:00:06,420 --> 00:00:14,320
Ever remember a computer in an edit as domain maintains a computer account with a user name which is

2
00:00:14,560 --> 00:00:17,610
Sam account name and password.

3
00:00:17,650 --> 00:00:24,900
Just like a user account does the computer restore its password in the form of a local security authority.

4
00:00:24,940 --> 00:00:33,360
Or let's say secret and changes it but it's password with a domain approximately every 30 days.

5
00:00:33,400 --> 00:00:41,560
The net logon service uses the credentials to assign into the domain which establishes a secure channel

6
00:00:41,770 --> 00:00:43,330
with a domain controller.

7
00:00:43,330 --> 00:00:50,020
Computer accounts and the relationships between computers and their domain are generally robust.

8
00:00:50,020 --> 00:00:56,680
Nevertheless there are certain scenarios in which a computer can not authenticate with the domain.

9
00:00:56,680 --> 00:01:03,940
When this happens users are unable to sign in and the computer can not access the resources such as

10
00:01:04,240 --> 00:01:05,500
group policy.

11
00:01:05,530 --> 00:01:13,600
Example Say of scenarios where this can happen include the following after reinstalling the operating

12
00:01:13,600 --> 00:01:20,560
system on a workstation liver extension cannot authenticate even though the technician is used the same

13
00:01:20,560 --> 00:01:28,100
computer name used in the previous installation because the new installation generated and you see it.

14
00:01:28,120 --> 00:01:35,530
And because the new computer does not know the original computer account password in the domain it does

15
00:01:35,530 --> 00:01:39,790
not belong to the domain and can not authenticate to the domain.

16
00:01:39,790 --> 00:01:47,980
Another scenario is a computer has not been in use for a for an extended period perhaps because the

17
00:01:47,980 --> 00:01:54,280
user was walking away from the office or the computer was rebuilt to the spare.

18
00:01:54,280 --> 00:02:00,670
During this period an administrator must have researched or deleted the computer recall.

19
00:02:00,920 --> 00:02:09,730
Another scenario is a computer's LSA secret gets out of synchronization with a password that the domain

20
00:02:09,730 --> 00:02:14,950
knows you can think of this as the computer forget and its password.

21
00:02:14,950 --> 00:02:18,980
The computer and the domain do not agree on the correct password.

22
00:02:19,060 --> 00:02:25,490
When this happens the computer can not authenticate and a secure channel cannot be created.

23
00:02:25,720 --> 00:02:30,180
So let's discuss the steps that you should take in these scenarios.

24
00:02:30,250 --> 00:02:36,940
When the security relationship between a computer account and its domain is broken the result is in

25
00:02:36,940 --> 00:02:40,490
numerous potential symptoms sound errors.

26
00:02:40,510 --> 00:02:50,170
The most common signs of computer account problems are messages at sign in indicate that a domain controller

27
00:02:50,500 --> 00:02:57,850
cannot be contacted that the computer recount might be missing that the password on the computer account

28
00:02:57,850 --> 00:03:06,280
is incorrect or that the trust relationships also call to the secure relationship between the computer

29
00:03:06,280 --> 00:03:08,380
and the domain has been lost.

30
00:03:08,380 --> 00:03:17,200
You might encounter error messages or rewound and the event log indicating similar problems or suggesting

31
00:03:17,200 --> 00:03:25,480
that passwords trust secure channels or relationships with a domain or domain controller have failed.

32
00:03:25,480 --> 00:03:34,740
One such error is not log on a wound tidied 32 10 failed to authenticate which appears in the computer

33
00:03:34,760 --> 00:03:39,570
around log when the secure channel fails you must resent it.

34
00:03:39,610 --> 00:03:47,110
Many administrators do this by removing the computer from the domain putting it in a very group and

35
00:03:47,110 --> 00:03:54,610
then rejoining the computer to the domain removing the computer from the domain disables the computer

36
00:03:54,610 --> 00:04:02,890
account in a tedious when you rejoin the computer to the domain it reuses the same computer account

37
00:04:03,190 --> 00:04:11,910
but loses its group memberships do not rename the computer when you rejoin it to the domain you call.

38
00:04:11,920 --> 00:04:20,140
You also can reset the secure channel between a domain member and a domain by using Active Directory

39
00:04:20,140 --> 00:04:21,880
Users and Computers.

40
00:04:22,030 --> 00:04:30,790
Active Directory administrative center the a smart command line tool or not dorm command line tool or

41
00:04:31,060 --> 00:04:33,370
an old task command land tool.

42
00:04:33,490 --> 00:04:42,580
If you reset the account the computer's seat remains the same and the computer maintains its group memberships

43
00:04:42,730 --> 00:04:49,990
to reset the secure a channel by using Active Directory user or some computer or saw Active Directory

44
00:04:49,990 --> 00:04:51,490
administrative center.

45
00:04:51,520 --> 00:04:53,190
Follow this procedure.

46
00:04:53,320 --> 00:04:57,660
Right click the computer and then click reset account.

47
00:04:57,820 --> 00:05:04,850
Click yes to confirm your choice rejoin the computer to the domain and then restart the computer.

48
00:05:05,390 --> 00:05:13,230
Said the secure channel by using diesel smart follows this procedure at a command line at a command

49
00:05:13,230 --> 00:05:15,690
prompt type the following command.

50
00:05:15,720 --> 00:05:22,430
The smart computer in double quotes computer distinguished name Dash.

51
00:05:22,440 --> 00:05:27,940
Reset then rejoin the computer to the domain and then restart the computer.

52
00:05:27,960 --> 00:05:31,550
You can also perform this section with the help of Nat dom.

53
00:05:31,590 --> 00:05:37,530
So to reserve the secure a channel by using net dumb type the following command to the command prompt

54
00:05:37,890 --> 00:05:46,290
where the credentials belong to the local administrators group or the computer type not dumb reset mission

55
00:05:46,320 --> 00:05:56,520
name slash domain and followed by domain name slash user followed by user name and slash for zero followed

56
00:05:57,270 --> 00:06:05,730
by password this command resets the secure channel by attempting to reset the password on both the computer

57
00:06:05,730 --> 00:06:13,450
and the domain so it does not require rejoining or rebooting to reset the secure channel by using an

58
00:06:13,460 --> 00:06:21,870
old test command on the computer that has lost its thrust tab the following command at a command prompt

59
00:06:22,180 --> 00:06:31,650
and all test slash server call on server name slash as C underscore research call on domain backslash

60
00:06:31,740 --> 00:06:39,150
domain controller name you also can use the active directory module for Windows power cell to reset

61
00:06:39,150 --> 00:06:47,130
a computer recall to reset the security channel between the local computer and its domain run the command

62
00:06:47,160 --> 00:06:55,500
on the local computer test computer secure a channel dash repair you can use this command RT Also by

63
00:06:55,500 --> 00:07:03,750
type and invoke command dash computer name followed by the name of the computer that script block and

64
00:07:03,960 --> 00:07:08,060
reset this computer machine password in curly braces.

65
00:07:08,310 --> 00:07:16,980
So lots of choices you could do it to try and run each of these command for your practice and then choose

66
00:07:16,980 --> 00:07:19,640
the preferred method which CO2.