Oct 15, 2011

NETLOGON Event 3210 and Corrupted Domain Authentication Woes

Was having an issue for several weeks at work where when I tried to run ASP.NET sites locally (debugger attached or not), I was getting an imposing YSOD:

The trust relationship between this workstation and the primary domain failed.

It was failing on a call to IsInRole, so I suspected Active Directory issues but couldn't for the life of me figure out what was wrong. My machine was correctly attached to our domain here at work, I was having no issues logging in to my machine, changing the password, or using other ASP.NET sites running on dedicated web servers. The difference seemed to be only if I ran it locally, which made debugging and testing changes before deploying (even to our test platform) a real PITA.

The tell-tale sign was this error buried in the Event Log:

Event Viewer showing error event 3210 from NETLOGON System Event Log - NETLOGON Event 3210
This computer could not authenticate with DOMAINURL, a Windows domain controller for domain DOMAINNAME, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

I determined that if I logged into a different machine, everything worked fine. If I had someone else, also a domain account member like me, log into my machine they would get the same exact error. So it wasn't my account, specifically.

After spending far too much time Googling around, and finding instructions that made my lower lip quiver in fear, I decided to finally do what the above event message said to do: I contacted my administrator.

He walked in, said hi, proceeded to remove the computer from the domain (via System Properties –> Computer Name –> Change domain or workgroup), reboot, re-join the domain, reboot again, and presto! No more problems. Simple as that.

Yanno, to fix weird behavior in my apps I typically have to start debugging and tracing code.

These sysadmin guys have it so easy.

1 comment:

  1. you might have an awesome blog right here! would you like to make some invite posts on my weblog? casino real money