Phantom Machines

%3CLINGO-SUB%20id%3D%22lingo-sub-1515174%22%20slang%3D%22en-US%22%3EPhantom%20Machines%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1515174%22%20slang%3D%22en-US%22%3E%3CP%3EI%20recently%20added%20a%20Server%202019%20Server%20as%20a%20Domain%20controller.%26nbsp%3B%20(this%20issue%20may%20have%20going%20on%20before%2C%20but%20just%20didn't%20noticed)%3C%2FP%3E%3CP%3EAnway%2C%20every%20so%20often%26nbsp%3B%20(15%20to%2020%20min)%2C%20in%20the%20event%20viewer%20system.....i%20get%20event%20id%205722%20%22The%20session%20setup%20from%20the%20computer%20SORTERA-PC%20failed%20to%20authenticate.%20The%20name(s)%20of%20the%20account(s)%20referenced%20in%20the%20security%20database%20is%20SORTERA-PC%24.%20The%20following%20error%20occurred%3A%3CBR%20%2F%3EAccess%20is%20denied.%22%26nbsp%3B%3C%2FP%3E%3CP%3Eand%205723%26nbsp%3B%20%22The%20session%20setup%20from%20computer%20'SORTERA-PC'%20failed%20because%20the%20security%20database%20does%20not%20contain%20a%20trust%20account%20'SORTERA-PC%24'%20referenced%20by%20the%20specified%20computer.%20%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eand%205805%26nbsp%3B%20%26nbsp%3B%22The%20session%20setup%20from%20the%20computer%20SORTERA-PC%20failed%20to%20authenticate.%20The%20following%20error%20occurred%3A%3CBR%20%2F%3EAccess%20is%20denied.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20computer%20name%20changes%2C%20but%20seems%20to%20use%20about%20the%20same%206%20machine%20names.%3C%2FP%3E%3CP%3EThese%20machines%20have%20been%20gone%20for%20a%20long%20time.%26nbsp%3B%20%26nbsp%3Bnothing%20in%20DNS%2C%20DHCP%20or%20ADUC.%3C%2FP%3E%3CP%3Ei%20see%20all%20over%20the%20Internet%2C%20they%20say%20to%20just%20're-join'%20it%20to%20the%20domain.....but%20again%2C%20these%20machine%20DO%20NOT%20exist%20anymore.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20thing%20i%20tried%2C%20i%20took%20a%20machine%2C%20removed%20it%20from%20the%20domain.%26nbsp%3B%20%26nbsp%3B%20Changed%20the%20name%20to%20one%20of%20the%20phantom%20machines%2C%20rebooted.%26nbsp%3B%20%26nbsp%3B%20Joined%20it%20to%20the%20domain%2C%20rebooted.%26nbsp%3B%20%26nbsp%3B%20Signed%20on%20with%20a%20domain%20account.%26nbsp%3B%20%26nbsp%3B%20all%20is%20good%20and%20happy.%3C%2FP%3E%3CP%3EI%20disjoin%20the%20domain%2C%20reboot.%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3Bdelete%20it%20from%20ADUC%2C%20and%20make%20sure%20it%20doesn't%20show%20anywhere.%3C%2FP%3E%3CP%3Ea%20few%20hours%20later...poof....same%20complaint....%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20ideas%3F%3F%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1515174%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
New Contributor

I recently added a Server 2019 Server as a Domain controller.  (this issue may have going on before, but just didn't noticed)

Anway, every so often  (15 to 20 min), in the event viewer system.....i get event id 5722 "The session setup from the computer SORTERA-PC failed to authenticate. The name(s) of the account(s) referenced in the security database is SORTERA-PC$. The following error occurred:
Access is denied." 

and 5723  "The session setup from computer 'SORTERA-PC' failed because the security database does not contain a trust account 'SORTERA-PC$' referenced by the specified computer. "

 

and 5805   "The session setup from the computer SORTERA-PC failed to authenticate. The following error occurred:
Access is denied."

 

The computer name changes, but seems to use about the same 6 machine names.

These machines have been gone for a long time.   nothing in DNS, DHCP or ADUC.

i see all over the Internet, they say to just 're-join' it to the domain.....but again, these machine DO NOT exist anymore.

 

One thing i tried, i took a machine, removed it from the domain.    Changed the name to one of the phantom machines, rebooted.    Joined it to the domain, rebooted.    Signed on with a domain account.    all is good and happy.

I disjoin the domain, reboot.     delete it from ADUC, and make sure it doesn't show anywhere.

a few hours later...poof....same complaint....

 

Any ideas????

 

0 Replies