Can not authenticate a new Domain Controller

From: brett (
Date: 06/13/02

From: "brett" <>
Date: Thu, 13 Jun 2002 07:41:16 -0700

   I recently added a new DC to my domain. This is a test
lab. My new DC is a dual-boot system with win 2k pro and
win 2k advanced server. I joined the domain using win2k
advanced server. I was already a member of the domain
using win2k pro (on the same computer remember). I
rebooted into 2k pro and logged onto the domain - no
problem. Then I changed the NIC. Then I changed back to
the original NIC. Now for some reason when I boot into
win2k advanced server I can no longer log into the domain.
I understand that there are security settings and unique
ID's created and I was thinking maybe all of this screwing
around has somehow gotten my new DC blocked out of the
domain. On my original DC, the one the new DC is trying to
authenticate with, I get this error log:
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5722
Date: 6/13/2002
Time: 9:33:12 AM
User: N/A
Computer: DELL
The session setup from the computer DC2 failed to
authenticate. The name of the account referenced in the
security database is DC2$. The following error occurred:
Access is denied.
0000: 22 00 00 c0 "..

Dell is the original DC - DC2 is my new DC that can't
authenticate. I also got this error log on dell:
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36872
Date: 6/13/2002
Time: 10:11:56 AM
User: N/A
Computer: DELL
No suitable default server credential exists on this
system. This will prevent server applications that expect
to make use of the system default credentials from
accepting SSL connections. An example of such an
application is the directory server. Applications that
manage their own credentials, such as the internet
information server, are not affected by this.
I have no idea what this last one means. Anyhow, I can not
create any shares between the computers. Under "my
networks places" only the server I'm on shows up. This
works for both servers. I can not replicate WINS
information between the two servers. However I can
replicate a forward look-up zone created on dell and
forwarded to dc2. They can ping each other by IP or by
computer name.
  On dc2, at the same time I got the original error
message on dell(the first error message I listed) I also
got this error log on dc2 (the one which can't
authenticate on the domain):
Logon attempt failed with the following error:the user has
not been granted the requested logon type at this
By "this computer" I assume it means dell - my original
DC. My question of course is what do I have to do to get
this computer logged on to the domain again? Is there a
way to reset the security ID or something?
One final note - when I originally joined dc2 to the
domain, I did it under a different user than I use now. I
remember giving the original user permission to add the
computer to the domain. I tried logging in as the original
user again but it isn't working. It lets me log onto dc2
with that user name, but not onto the domain. If I try
logging into the domain it just says "the domain either
doesn't exist or can not be contacted. Thanx a lot for
reading through all of this. I appreciate the help.