To reset domain member in Windows NT

[Bankebihari]

I have Windows NT in my office. I receive the following logon message when I attempt to log on to your Windows NT domain from a computer running Windows NT Workstation or Windows NT Server that is a member of the domain :
The system cannot log you on to this domain because the system's
computer account in its primary domain is missing or the password on
that account is incorrect.

Why is this happening ? What can be the reason ?
How can I get rid of this ? Can I reset the domain member ?.........

plz help.....

[Calvin K]

This problem may occur if any of the following conditions is true -

• The name of the domain member was recently changed.
• The Emergency Repair Disk was used, but it contained old information.
• The domain member computer account was removed.

[SalVatore]

You can solve this problem by resetting domain member.

Consider you have a domain member named DOMAINMEMBER.
You can reset the member secure channel by using the following command:

NETDOM MEMBER \\DOMAINMEMBER /JOINDOMAIN

You can run the command above on the member DOMAINMEMBER or on any other member or domain controller of the domain, provided that you are logged on with an account that has administrator access to DOMAINMEMBER.

The output received from the command should be similar to the following:

Searching PDC for domain DOMAIN ...
Found PDC \\DOMAINPDC
Querying domain information on PDC \\DOMAINPDC ...
Querying domain information on computer \\DOMAINMEMBER ...
Computer \\DOMAINMEMBER is already a member of domain DOMAIN.
Verifying secure channel on \\DOMAINMEMBER ...
Verifying the computer account on the PDC \\DOMAINPDC ...
Resetting secure channel ...
Changing computer account on PDC \\DOMAINPDC ...
Stopping service NETLOGON on \\DOMAINMEMBER .... stopped.
Starting service NETLOGON on \\DOMAINMEMBER .... started.
Querying user groups of \\DOMAINMEMBER ...
Adding DOMAIN domain groups on \\DOMAINMEMBER ...

The computer \\DOMAINMEMBER joined the domain DOMAIN successfully.

Logoff/Logon \\DOMAINMEMBER to take modifications into effect.

[Lillebror]

Assume you have the following configuration:
Domain = DOMAIN
DC = DOMAINDC (domain controller)
MEMBER = DOMAINMEMBER

When a member server joins a domain, a computer account is created (you can use Server Manager to see the computer account). A default password is given to the computer account, and the member stores the password in the Local Security Authority (LSA) secret storage $MACHINE.ACC. By default, the password is changed every seven days.

Each member maintains such an LSA secret, which is used by the Netlogon service to establish a secure channel. If, for some reason, the computer account's password and the LSA secret are not synchronized, the Netlogon service logs the following error:

NETLOGON Event ID 3210:

Failed to authenticate with \\DOMAINDC, a Windows NT domain controller
for domain DOMAIN.


If the computer account has been deleted, the following error is logged by the member Netlogon service:

NETLOGON Event ID 5721:

The session setup to the Windows NT Domain Controller <Unknown> for the
domain DOMAIN failed because the Windows NT Domain Controller does not
have an account for the computer DOMAINMEMBER.


Similarly, the Netlogon service on the domain controller logs the following error when the password is not synchronized:

NETLOGON Event 5722

The session setup from the computer DOMAINMEMBER failed to authenticate.
The name of the account referenced in the security database is
DOMAINMEMBER$. The following error occurred: Access is denied.


In all cases, the event data contains the error. For example, error 0xC0000022 means that the computer account's password is invalid; error 0xC000018B means that the computer account has been deleted, and so on.