domain user account won't log in

I have about 40 computers that log into a Windows 2003 domain. They all log in just fine. However, I’m testing Comodo Time Machine on one of those computers (Windows XP SP3) and it’s set to restore the current image on each restart. Usually it works just fine and CTM works as it should. However, about once every month, the computer will not log into a domain account. It won’t accept the password and the only way to get into Windows is to log in as the local Admin. Once I’m in, I have to remove the computer from the domain…and then reconnect to the domain. Then I have to make a new updated image in CTM and all is well again for another month. This only happens on the computer with CTM…so I know it’s an issue with that. Any ideas?

Same here. My suggestion: An issue with internal mechanism of Active Directory… At a defined time (I think 30 days or somenthing) internal tokens and passwords between Active Directory objects are changed because of security reasons. Time Machine freezes the system at a certain point and reloads it at every system restart, including the old internal tokens. Works fine for some time but at automatic password change, the change isn’t transferred to the client. You would also encounter this problem, if you don’t connect a client to the domain over a longer time…

I opened a ticket at Comodo support, waiting for a solution.

Two possible workarounds (try at own risk, not recommended by Microsoft…):

  1. Microsoft Support

  2. Haven’t tried this but I think this would also work: Create a task on DC which periodically resets the computer accounts which have Time Machine installed.

I hope this error is not system immanent and Comodo is able to solve it…

Thanks for the reply. I’m glad I’m not the only one seeing the issue. I have the passwords for the user accounts on the domain controller set to ‘never expire’. Also, the other 30+ machines, which run Deep Freeze, have no problem logging in to the DC.

I’ll play around with the workarounds and see what happens.

Please post any ticket results you get to this thread. Thanks…

No, setting user accounts to ‘never expire’ is not the same… Moreover, it’s an issue with computer account, not user account. For example, you set an account to expire when it’s obvious that a certain user or computer will not longer use the account at a given time. Or he shouldn’t, whatever.

I’ve also never experienced such problem with Steady State (unfortunately not longer supported by Microsoft, no version for Windows 7) nor with PC-Wächter.

Just in this moment, Comodo support gives an answer:
This issue is not CTM related. CTM does not change windows account, active directory settings or network configurations.

It seems that they didin’t get the problem, I’ll make another try to forward them to a possible solution.

What else comes in my mind: Maybe setting the system to reload baseline at each start is false? Today, I’ll make some tests with creating a new baseline at each system start. Then I’ll wait what happens over time…

I’ll get back to you for more information, if I get any. Also be interested in your opinion / experiences!

I’m wondering if any of you have had success finding a solution to this? I am on a MS 2008R2 (workstations are Win7) server and am losing the domain trust on a regular basis. I’M READY TO ABANDON COMODO.

Any progress?

Tested with resetting computer account as the problem occcurs. Result: Worked two times or so then it doesn’t anymore. So forget about my workaround, part 2.

Tested with other settings like setting a new baseline at restart. Result: Ended up in a loop, had to uninstall Time Machine.

Informed support again, no reaction. It seems to me that they aren’t capable of getting a point to the essential problem. At least that’s my opinion.

Although this software is free, I would think twice using other Comodo software, aware of this behaviour…

Now testing with Deep Freeze, as a private highschool, we get nice prices. For me, PC-Wächter is the best solution I found till now. Steady State was a little bit tricky sometimes, but at least is was reliable. And also free. I’ve no longer time and energy to waste my time with Time Machine, if someone knows an reliable alternative, please let me know!

We are a private K-6 so our pricing should be similar. Would you mind sharing this offiline with me at rshaw@greenwoodchristian.com ?

I am in the process of trying your first solution with the registry hack. I’ve got enough machines, if I ■■■■ up one trying to fix the others… :slight_smile:

BTW - WonderShare Time Freeze also has a more dated but free version available… and it looks a lot easier than Comodo.

I’ll let you know how my test with Registry Hack goes.

OK… so far, the registry fix appears to be working!

In short, here is the entry for each of the workstations:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
“DisablePasswordChange”=dword:00000001

It’s been 3 weeks with no issues now. I’ll let you know if any problem arises, but it looks like this will do the trick!!

Cool…keep us posted! I just had to remove and re-add the CTM computer from the domain yesterday. What a hassle! I’ll try the registry fix as well and see how it goes.

Thanks gcc-it, you find the cause of the problem.
In fact, as the same reason, if restore OS by using disk backup tools such as Symantec Ghost, Acronis True Image, etc.), may no longer log into the Domain.

Any update on this issue? Does the registry fix work?

Has anybody found a way around this yet? did the registry hack work?

I am also getting this problem on 30 machines and they stop automatically logging in once a month and i have to log into time machine, remove scheduled task, delete snapshot, remove computer from domain, restart, add it back to domain, re-add auto login registry, restart then retake snapshot and reschedule auto restart and this goes on fine for 30 days or so, only to repeat the same behavior on all 30 machines, i’ve been doing this for a couple months but it’s very annoying.

Also on a side note, there are a couple machines which i just did yesterday or day before which i had to do again today.

I work at a school and sometimes students will restart PC to make sure all their logins on browsers are erased from system and sometimes i have to do this process while a student waits and its very embarrassing, please if anybody can help, i thank you all in advance.

well it’s been a month and a half after doing this and still none of the machines have had any problems, i’m happy to say this is how to solve it, thanks alot!