日志大致如下:
Event ID: 5722
Source NETLOGON
Type Error
Description The session setup from the computer TEST_COMP1 failed to authenticate. The name of the account referenced in the security database is TEST_COMP1$. The following error occurred: Access is denied.
察看了kb175468 Effects of Machine Account Replication on a Domain 了解了有可能导致这一现象的原因
察看了kb154501 How to disable automatic machine account password changes 知道了如何停止这一同步
察看了Q216393 Resetting computer accounts in Windows 2000 and Windows XP 和KB260575 HOW TO:使用 Netdom.exe 重置 Windows 2000 域控制器的机器帐户密码
但似乎即便到出现问题的工作站上执行了netdom,也无法再次让这个同步回复正常。只能reset this computer account in active diretory,然后rejoin domain。
这在Q216393 Resetting computer accounts in Windows 2000 and Windows XP 中同样提到:
These tools allow for remote and non-remote administration. Netdom.exe and Nltest.exe are command-line tools that reset a successfully established security channel. You cannot use these tools when the security channel is broken, and communication is not working correctly.
后面我查到kb中还有一个关于此问题的论述:
如果确实有固定的机器是频繁的发生这种事情,可以修改本地计算机注册表禁止计算机和dc之间的这个定期的密码同步动作。
方法可以参考:Q154501 How to disable automatic machine account passwordchanges
地址在http://support.microsoft.com/default.aspx?scid=kb;EN-US;154501