Prevent computer CONTOSO from joining domain CONTOSO

Hi all,

Recently I found on our domain that I couldn't connect to \\contoso, but could connect to \\dc-contoso-1 and \\dc-contoso-2

Basic tests on the DCs were OK, and I finally found that somehow someone joined a computer to the domain with the same name as the domain, that is, computer account CONTOSO$ was created in domain CONTOSO.

If that matters, one of our DCs is Server 2008 R2 and the other one is 2003.

What also amazed me is that, after digging in Event Viewer, I found the computer CONTOSO joined the domain in October 2014, that's 5 months ago!

So, basically, my 2 questions are:

1) How can I prevent this from happening again? Somehow I thought A.D. wouldn't let a computer join with the same name as the domain it joins.

2) What things may have been broken while this computer name was listed in the domain? I'm still amazed that users could log in, and that GPOs (apparently) worked fine, so, what should I expect to see working again now? Lately I had problems with shared printers on print servers, and have seen strange event ID 4 with KRB_AP_ERR_MODIFIED errors that may be related to it, but I'm not sure at all whether that is related to this or not.

Thanks in advance


March 25th, 2015 6:45am

1) How can I prevent this from happening again? Somehow I thought A.D. wouldn't let a computer join with the same name as the domain it joins.

You can do one of the following:
Being preventive: Restrict domain joining to only your administrators and technicians by denying the domain join capability for other users: http://support.microsoft.com/en-us/kb/243327

Being active: You can run a script every hour that will check if a new computer was joined to your domain with the unwanted name; then you will be alerted to take action.

2) What things may have been broken while this computer name was listed in the domain? I'm still amazed that users could log in, and that GPOs (apparently) worked fine, so, what should I expect to see working again now? Lately I had problems with shared printers on print servers, and have seen strange event ID 4 with KRB_AP_ERR_MODIFIED errors that may be related to it, but I'm not sure at all whether that is related to this or not.

It should be an interference that the computer created with NetBIOS resolution through broadcasting. That explains what happened to you.

March 25th, 2015 7:17am
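
The hourly check suggested in the reply above, sketched as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory PowerShell module and a DC running AD Web Services; the ms-DS-MachineAccountQuota check at the end is an addition that shows whether non-administrators can still create computer accounts.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread): find computer accounts whose name
# collides with the domain name. Intended to run hourly from Task Scheduler.

$domain = Get-ADDomain

# Names a computer account must never use: the NetBIOS domain name and the
# first label of the DNS domain name (usually identical, but not always).
$reserved = @($domain.NetBIOSName, ($domain.DNSRoot -split '\.')[0]) |
    Sort-Object -Unique

$hits = foreach ($name in $reserved) {
    # A computer account's sAMAccountName is its name followed by '$'.
    Get-ADComputer -Filter "sAMAccountName -eq '$name`$'" `
        -Properties whenCreated, dNSHostName, 'mS-DS-CreatorSID'
}

foreach ($c in $hits) {
    # mS-DS-CreatorSID is only set when a non-administrator created the
    # account through the "Add workstations to domain" user right.
    $creator = 'not recorded'
    $sid = $c.'mS-DS-CreatorSID'
    if ($sid) {
        try   { $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $creator = $sid.Value }   # account deleted or not resolvable
    }
    Write-Warning ("Computer account {0} collides with the domain name. Created: {1}. Creator: {2}. DN: {3}" -f `
        $c.SamAccountName, $c.whenCreated, $creator, $c.DistinguishedName)
}

# Report the per-user join quota stored on the domain head object.
$quota = (Get-ADObject -Identity $domain.DistinguishedName `
    -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
if ($quota -gt 0) {
    Write-Warning ("ms-DS-MachineAccountQuota is {0}: users holding the 'Add workstations to domain' right can each create up to {0} computer accounts." -f $quota)
}

# Non-zero exit code lets the scheduled task or a monitoring agent raise the alert.
if ($hits) { exit 1 }
```
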

Hi,

Lately I had problems with shared printers on print servers, and have seen strange event ID 4 with KRB_AP_ERR_MODIFIED errors that may be related to it, but I'm not sure at all whether that is related to this or not.

Yes, I think it is related to the same computer name in domain. You could fix it by taking the computer out of the domain, renaming it, changing the SID, and changing the IP address.

http://blogs.msmvps.com/vandooren/2009/04/02/the-kerberos-client-received-a-krb-ap-err-modified-error/

Hope this is helpful.

Regards.

March 25th, 2015 11:11pm
