Duplicate computer name prevents Active Directory domain logon

I came across an interesting problem a few nights back… I locked myself out of a Windows XP computer. Here’s how it happened, along with how I got back in.

First, I built a new Windows Server and inadvertently used the same name as an existing Windows XP computer. Then I joined the server to an Active Directory domain (from this point on, the machine that was originally using the computer name is unable to authenticate with the domain as its password will have been overwritten when the duplicate machine joined the domain).

I then turned on the Windows XP computer. Because this machine is a notebook PC and wasn’t connected to the network at the time, I logged in using cached credentials; however, after installing a wireless network card and restarting the computer, I was presented with a message that indicated I could not log on to the domain. Unfortunately I didn’t make a note of the exact message at the time, but looking back, I can see the NetLogon event 3210 in the system event log, the description for which tells me exactly the problem:

This computer could not authenticate with \\domaincontroller.domainname.tld, a Windows domain controller for domain domainname, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

Realising my mistake, I logged on using a local account and tried to rejoin the domain. Except that I couldn’t, because, as per Microsoft’s advice, I had disabled the local administrator account when I joined the domain and all I had available to me were standard user accounts.

Luckily Daniel Petri has published an article with a workaround for when a Windows computer cannot log on to a Windows Server 2003 domain due to errors connecting to the domain. By removing the network cable and restarting, I could log on as a domain administrator using cached credentials. Then, I enabled the local administrator account and changed the computer name before moving the computer out of the domain and into a workgroup. I then rebooted (with the network cable connected), logged in using the re-enabled administrator account and rejoined the domain (with the new computer name), before disabling the administrator account again.
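
The symptom described above (NetLogon event 3210 plus a broken secure channel) can be checked for directly on an affected machine. The following is an added example, not part of the original post; it assumes PowerShell 2.0 or later on Windows Vista/7 or newer, run elevated, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the domain-joined machine.
# Uses Get-WinEvent and Test-ComputerSecureChannel; function names are hypothetical.

function Get-NetlogonAuthFailure {
    # Return NETLOGON event 3210 records from the System log for the last $Days days.
    param([int]$Days = 7)

    $filter = @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 3210
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
}

function Test-DomainTrust {
    # Summarise the symptom: 3210 events plus the current secure-channel state.
    param([int]$Days = 7)

    $events = @(Get-NetlogonAuthFailure -Days $Days)   # force an array, even for 0 or 1 results
    $channelOk = $false
    try {
        # Returns $true when the secure channel to the domain is working.
        $channelOk = Test-ComputerSecureChannel -ErrorAction Stop
    } catch {
        # Raised when the test cannot complete, e.g. no domain controller is reachable.
        Write-Warning "Secure channel test failed: $($_.Exception.Message)"
    }

    New-Object PSObject -Property @{
        ComputerName    = $env:COMPUTERNAME
        Event3210Count  = $events.Count
        LastEvent3210   = ($events | Select-Object -First 1).TimeCreated   # newest first
        SecureChannelOk = $channelOk
    }
}

$result = Test-DomainTrust -Days 7
$result | Format-List
if ($result.Event3210Count -gt 0 -and -not $result.SecureChannelOk) {
    Write-Warning 'Machine account cannot authenticate; check the domain for another computer using this name.'
}
```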


8 thoughts on “Duplicate computer name prevents Active Directory domain logon”

  1. I just had a similar problem. I ended up with two machines, both called Something-GX270. Neither complained that the name was a duplicate but they took it in turns to drop off the domain so that users couldn’t log in. One actually reverted to its temporary workgroup name that I had used during its setup. It wasn’t until I looked at the domain using Altiris that I realized I had two computers with identical names. It was simple enough to join a workgroup and then rename and rejoin the domain, thus solving the problem.

  2. Thanks, that helped me a lot. I shared a fresh Windows VM with a couple of employees without running sysprep on them first (oops). They were kicking each other out of the domain, but when I disabled the network and logged in it worked.

  3. Hmm, this could be the problem with my friend’s network. I spent so much time the other night trying to figure out why his wireless connection would drop for days on end. I think it might be because someone with a laptop on his network is using a similar name and the network is freaking out because it doesn’t know which is which. Thanks for the tip, I’m going to have to check this out when I go over there next time.

  4. Thank you very much, Mark. We have Win7 on a Win2K8 domain. I tried your method and it worked perfectly! Unplugging the network cable is the key, thanks to the cached P/W. Of course your helpful step-by-step guide saved me a lot of time.
