domainde logon sorunu

oncelikle butun arkadaslara kolay gelsin...yaklasik bir haftadir bir lokasyonumda ciddi problem yasamaktayim..bazi bilgisayarlarda domaine logon olma sorunu yasiyorum.kullanici hic bir sekilde logon olmamasi yaninda ,adminde logon olamiyor.network iletisimini kesince ancak logon olunabiliyor(tabiki daha once logon olunan sifre ile logon olunuyor),bilgisayarlari domainde cikarip ,bilgisayar ismini degistirip yeniden domaine sokunca problem cozuluyor,ama gun icinde farkli kullanicilar benzer problem yasiyor...dhcp yi ,domaini ,ve swicleri restart edince bazi bilgisayarlarin problemi cozuluyor,hepsi icinde gecerli deil,gecen hafta icerisinde 60 askin bilgisayarin oldugu lokasyonda 3-4 bilgisayari domainde cikarip isim degisme yoluyla yeniden sisteme sokabildim...en son alinan system state yedegi yaklasik 1 bucuk ay oncesine ait oldugu icin,domainde restorasyon islemine girmedim...lokasyonda dc,adc ve tmg mevcut...(not:ayrica bazi bilgisayarlar ip sorunu yasiyor,dhcp yi restart edip,yada ethernet kartini disable,enable yontemi ve ayrica switcleri kapa ac yontemi uygulayarak ancak domaine alabiliyorum,dns de problem almiyorum)..

alinan event hatalari su sekilde

1-event id =36886

source=Schannel

No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

 

2- event id =36869

source= Schannel(system)

The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure. 

 

 

3-event id=4107

source= CAPI2(aplication)

 Failed extract of third-party root list from auto update cab at: < http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

4-event id=1220

source=ActiveDirectory_DomainService(directory services) 

LDAP over Secure Sockets Layer (SSL) will be unavailable at this time because the server was unable to obtain a certificate. 

 

Additional Data 

Error value:

8009030e No credentials are available in the security package 

 5-event id=1070(bu gecen hafta alinan hata kodu)

source=dhcp server 

Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log.

, so DHCP server cannot talk to NPS server. It could be that IAS service is not started. 

6-event id=1002

source=ADWS

7-event id=29

source=Kerberos-Key-Distribution-Center

 

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.